CVE-2026-45853

Source
https://cve.org/CVERecord?id=CVE-2026-45853
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45853.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-45853
Downstream
Published
2026-05-27T12:15:27.453Z
Modified
2026-07-15T01:49:08.583808315Z
Summary
drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges()
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Use kvfree instead of kfree in amdgpugmcgetnpsmemranges()

amdgpudiscoverygetnpsinfo() internally allocates memory for ranges using kvcalloc(), which may use vmalloc() for large allocation. Using kfree() to release vmalloc memory will lead to a memory corruption.

Use kvfree() to safely handle both kmalloc and vmalloc allocations.

Compile tested only. Issue found using a prototype static analysis tool and code review.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45853.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b194d21b9bcc15b50df1bc3ff7428e51c2918a6f
Fixed
16e7e7ad8cdc6b4c4af7f31e262f1494c1b2a55e
Fixed
9ae85b0c1909b6c6bfd2636b04cdaf7f520bf2b5
Fixed
f441538893eba6347b983f2904819ca6c99da65e
Fixed
0c44d61945c4a80775292d96460aa2f22e62f86c

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45853.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.11.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.14
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45853.json"