CVE-2026-23468
Modified Modified - Updated After Analysis
Resource Exhaustion in Linux Kernel amdgpu BO List Handling

Publication date: 2026-04-03

Last updated on: 2026-06-01

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Limit BO list entry count to prevent resource exhaustion Userspace can pass an arbitrary number of BO list entries via the bo_number field. Although the previous multiplication overflow check prevents out-of-bounds allocation, a large number of entries could still cause excessive memory allocation (up to potentially gigabytes) and unnecessarily long list processing times. Introduce a hard limit of 128k entries per BO list, which is more than sufficient for any realistic use case (e.g., a single list containing all buffers in a large scene). This prevents memory exhaustion attacks and ensures predictable performance. Return -EINVAL if the requested entry count exceeds the limit (cherry picked from commit 688b87d39e0aa8135105b40dc167d74b5ada5332)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-03
Last Modified
2026-06-01
Generated
2026-06-16
AI Q&A
2026-04-03
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23468
EUVD
EUVD-2026-18736
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.20 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.10 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.86 (exc)
linux linux_kernel From 4.2 (inc) to 6.6.140 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's drm/amdgpu component, where userspace can pass an arbitrary number of Buffer Object (BO) list entries via the bo_number field.

Although there was a previous check to prevent out-of-bounds allocation due to multiplication overflow, it did not prevent userspace from requesting a very large number of entries. This could lead to excessive memory allocation, potentially consuming gigabytes of memory, and cause unnecessarily long processing times.

The fix introduces a hard limit of 128,000 entries per BO list, which is sufficient for realistic use cases. If the requested number of entries exceeds this limit, the kernel returns an error (-EINVAL), preventing memory exhaustion attacks and ensuring predictable performance.

Impact Analysis

This vulnerability can impact you by allowing an attacker or a malicious userspace application to cause resource exhaustion on your system.

By passing an excessively large number of BO list entries, the system could allocate a very large amount of memory (potentially gigabytes), leading to degraded system performance, long processing times, or even system instability.

Such resource exhaustion could be exploited to perform denial-of-service (DoS) attacks, affecting the availability and reliability of the affected system.

Mitigation Strategies

To mitigate this vulnerability, ensure that your Linux kernel includes the patch that limits the BO list entry count to 128k entries in the drm/amdgpu driver.

This patch prevents resource exhaustion by rejecting requests with an entry count exceeding the limit, returning -EINVAL.

Therefore, updating your Linux kernel to a version that contains this fix is the immediate step to prevent potential memory exhaustion attacks related to this issue.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23468. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart