Linux Kernel AMDGPU BO list overflow (CVE-2026-23468)
CVE-2026-23468 Published on April 3, 2026
drm/amdgpu: Limit BO list entry count to prevent resource exhaustion
In the Linux kernel, the following vulnerability has been resolved:
Userspace can pass an arbitrary number of BO list entries via the
bo_number field. Although the previous multiplication overflow check
prevents out-of-bounds allocation, a large number of entries could still
cause excessive memory allocation (up to potentially gigabytes) and
unnecessarily long list processing times.
Introduce a hard limit of 128k entries per BO list, which is more than
sufficient for any realistic use case (e.g., a single list containing all
buffers in a large scene). This prevents memory exhaustion attacks and
ensures predictable performance.
Return -EINVAL if the requested entry count exceeds the limit.
(cherry picked from commit 688b87d39e0aa8135105b40dc167d74b5ada5332)
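The difference between the two checks described above, as an added userspace model in C (not the kernel's code): the overflow check alone accepts a count that sizes a multi-gigabyte allocation, while the hard cap rejects it first. The names `BO_LIST_MAX_ENTRIES`, `struct bo_entry` and `bo_list_check_count` are hypothetical, and "128k" is assumed to mean 128 * 1024.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: "128k" is read as 128 * 1024; the macro name is hypothetical. */
#define BO_LIST_MAX_ENTRIES (128u * 1024u)

/* Constructed stand-in for one userspace-supplied list entry (8 bytes). */
struct bo_entry {
    uint32_t handle;
    uint32_t priority;
};

/*
 * Validate a userspace-supplied entry count before any allocation.
 * Returns 0 and stores the allocation size in *bytes, or -EINVAL.
 * enforce_cap == 0 models the earlier behaviour (overflow check only).
 */
int bo_list_check_count(uint32_t bo_number, int enforce_cap, size_t *bytes)
{
    /* Hard cap: reject oversized lists before sizing anything. */
    if (enforce_cap && bo_number > BO_LIST_MAX_ENTRIES)
        return -EINVAL;

    /* Overflow check: stops an undersized allocation, not a huge one. */
    if ((size_t)bo_number > SIZE_MAX / sizeof(struct bo_entry))
        return -EINVAL;

    *bytes = (size_t)bo_number * sizeof(struct bo_entry);
    return 0;
}

int main(void)
{
    uint32_t counts[] = { 1024u, BO_LIST_MAX_ENTRIES, 1u << 28 }; /* constructed inputs */
    for (size_t i = 0; i < sizeof(counts) / sizeof(counts[0]); i++) {
        size_t before = 0, after = 0;
        int r0 = bo_list_check_count(counts[i], 0, &before);
        int r1 = bo_list_check_count(counts[i], 1, &after);
        printf("count=%u overflow-only: rc=%d bytes=%zu | with cap: rc=%d bytes=%zu\n",
               (unsigned)counts[i], r0, before, r1, after);
    }
    return 0;
}
```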
Products Associated with CVE-2026-23468
Affected Versions
Linux:
- Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and below 5ce4a38e6c2488949e373d5066303f9c128db614 is affected.
- Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and below f462624a6e4b5f1ec2664c2c53e408b2f4fb53e9 is affected.
- Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and below 6270b1a5dab94665d7adce3dc78bc9066ed28bdd is affected.
- Version 6.18.20, <= 6.18.* is unaffected.
- Version 6.19.10, <= 6.19.* is unaffected.
- Version 7.0-rc5, <= * is unaffected.