CVE-2026-45853
Published: May 27, 2026· Updated: May 27, 2026
Official Description
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges()
amdgpu_discovery_get_nps_info() internally allocates memory for ranges
using kvcalloc(), which may use vmalloc() for large allocation. Using
kfree() to release vmalloc memory will lead to a memory corruption.
Use kvfree() to safely handle both kmalloc and vmalloc allocations.
Compile tested only. Issue found using a prototype static analysis tool
and code review.
Technical Analysis
CVE-2026-45853 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
Affected Vendors & Products
Exploit & PoC Resources
All References (4)
Quick Facts
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-45853 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts