PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45979 Linux CVE debrief

A vulnerability in the Linux kernel's AMDGPU DRM driver has been resolved. The issue involved improper cleanup in `amdgpu_cs_parser_bos()` when `kmalloc()` fails under low memory conditions. The fix ensures the mutex is properly unlocked for a clean exit path. The `amdgpu_bo_list_put()` call was not needed in the error path as it is already handled by `amdgpu_cs_parser_fini()`. This is a memory exhaustion handling bug that could lead to resource leaks or deadlocks.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-27
Original CVE updated
2026-05-27
Advisory published
2026-05-27
Advisory updated
2026-05-27

Who should care

Linux system administrators running AMDGPU graphics, kernel maintainers, embedded systems with memory constraints

Technical summary

The AMDGPU driver's command submission parser (`amdgpu_cs_parser_bos`) did not properly handle `kmalloc()` failure scenarios under low memory conditions. When memory allocation failed, the mutex was not unlocked before exit, potentially causing deadlocks or resource leaks. The fix adds proper mutex unlock in the error path. The `amdgpu_bo_list_put()` cleanup was removed from this path as it is redundantly handled by `amdgpu_cs_parser_fini()`.

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates containing the referenced commits when available from your Linux distribution
  • Monitor stable kernel changelogs for backport status of commits 0905a1d4a550 and f025a2b8d933
  • Review systems using AMDGPU graphics for kernel version exposure
  • Prioritize patching on systems with constrained memory environments where kmalloc failures are more likely

Evidence notes

CVE published 2026-05-27. Kernel commit references confirm the fix was applied to stable kernel branches. No CVSS score or severity assigned by NVD at time of disclosure.

Official resources

2026-05-27