CVE-2026-23468
Published: Apr 3, 2026
Modified: Jun 1, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Limit BO list entry count to prevent resource exhaustion Userspace can pass an arbitrary number of BO list entries via the bo_number field. Although the previous multiplication overflow check prevents out-of-bounds allocation, a large number of entries could still cause excessive memory allocation (up to potentially gigabytes) and unnecessarily long list processing times. Introduce a hard limit of 128k entries per BO list, which is more than sufficient for any realistic use case (e.g., a single list containing all buffers in a large scene). This prevents memory exhaustion attacks and ensures predictable performance. Return -EINVAL if the requested entry count exceeds the limit (cherry picked from commit 688b87d39e0aa8135105b40dc167d74b5ada5332)
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected d38ceaf99ed015f2a0b9af3499791bd3a3daae21 - < c833d6c7199c5b5fca9ec95593acd539ec9c171caffected d38ceaf99ed015f2a0b9af3499791bd3a3daae21 - < e620378aab78d415bd8a15a2f91c145906520288affected d38ceaf99ed015f2a0b9af3499791bd3a3daae21 - < 2723e6851309531ce61aed74e93a0cd268cc862aaffected d38ceaf99ed015f2a0b9af3499791bd3a3daae21 - < 5ce4a38e6c2488949e373d5066303f9c128db614affected d38ceaf99ed015f2a0b9af3499791bd3a3daae21 - < f462624a6e4b5f1ec2664c2c53e408b2f4fb53e9+1 more versions |
Linux | Linux | affected 4.2unaffected 0 - < 4.2unaffected 6.1.175 - <= 6.1.*unaffected 6.6.140 - <= 6.6.*unaffected 6.12.86 - <= 6.12.*+3 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now