CVE-2026-23468
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Limit BO list entry count to prevent resource exhaustion
Userspace can pass an arbitrary number of BO list entries via the bo_number field. Although the previous multiplication overflow check prevents out-of-bounds allocation, a large number of entries could still cause excessive memory allocation (up to potentially gigabytes) and unnecessarily long list processing times.
Introduce a hard limit of 128k entries per BO list, which is more than sufficient for any realistic use case (e.g., a single list containing all buffers in a large scene). This prevents memory exhaustion attacks and ensures predictable performance.
Return -EINVAL if the requested entry count exceeds the limit
(cherry picked from commit 688b87d39e0aa8135105b40dc167d74b5ada5332)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Linux kernel drm/amdgpu BO list entry count limit prevents memory exhaustion from large userspace allocations.
In the Linux kernel's drm/amdgpu driver, the BO list handling lacked a limit on the number of entries userspace could specify via the bo_number field. While a previous multiplication overflow check prevented out-of-bounds memory access, an attacker could still request an arbitrarily large number of entries, leading to excessive memory allocation (potentially gigabytes) and prolonged list processing times. This vulnerability is addressed by introducing a hard limit of 128k entries per BO list, which is sufficient for all realistic use cases [1][2][3][4].
An unprivileged user with access to the amdgpu device can exploit this by submitting a BO list with a very large entry count. No authentication beyond device access is required, and the attack can be performed from userspace. The kernel would then allocate memory proportional to the requested number of entries and spend significant CPU time processing the list, effectively enabling a denial-of-service condition.
The impact is resource exhaustion, leading to system instability, memory pressure, or a complete denial of service for other processes. The attacker does not gain code execution or privilege escalation, but can render the system unresponsive.
The fix has been applied to the Linux kernel stable branches, as seen in commits [1][2][3][4]. Systems running an updated kernel are no longer vulnerable. No workaround is available; users should apply the kernel update.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- git.kernel.org/stable/c/2723e6851309531ce61aed74e93a0cd268cc862anvd
- git.kernel.org/stable/c/5ce4a38e6c2488949e373d5066303f9c128db614nvd
- git.kernel.org/stable/c/6270b1a5dab94665d7adce3dc78bc9066ed28bddnvd
- git.kernel.org/stable/c/e620378aab78d415bd8a15a2f91c145906520288nvd
- git.kernel.org/stable/c/f462624a6e4b5f1ec2664c2c53e408b2f4fb53e9nvd
News mentions
0No linked articles in our index yet.