CVE-2026-23468
Received - Intake
Resource Exhaustion in Linux Kernel amdgpu BO List Handling

Publication date: 2026-04-03

Last updated on: 2026-04-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Limit BO list entry count to prevent resource exhaustion

Userspace can pass an arbitrary number of BO list entries via the bo_number field. Although the previous multiplication overflow check prevents out-of-bounds allocation, a large number of entries could still cause excessive memory allocation (up to potentially gigabytes) and unnecessarily long list processing times.

Introduce a hard limit of 128k entries per BO list, which is more than sufficient for any realistic use case (e.g., a single list containing all buffers in a large scene). This prevents memory exhaustion attacks and ensures predictable performance.

Return -EINVAL if the requested entry count exceeds the limit

(cherry picked from commit 688b87d39e0aa8135105b40dc167d74b5ada5332)

Meta Information
Published: 2026-04-03
Last Modified: 2026-04-03
Generated: 2026-05-07
AI Q&A: 2026-04-03
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: linux
Product: linux_kernel
Version / Range: *
CWE ID: CWE-UNKNOWN
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.


Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's drm/amdgpu component, where userspace can pass an arbitrary number of Buffer Object (BO) list entries via the bo_number field.

Although there was a previous check to prevent out-of-bounds allocation due to multiplication overflow, it did not prevent userspace from requesting a very large number of entries. This could lead to excessive memory allocation, potentially consuming gigabytes of memory, and cause unnecessarily long processing times.

The fix introduces a hard limit of 128,000 entries per BO list, which is sufficient for realistic use cases. If the requested number of entries exceeds this limit, the kernel returns an error (-EINVAL), preventing memory exhaustion attacks and ensuring predictable performance.
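
The difference between the earlier overflow-only check and the added entry limit, shown as an added user-space C example that is not the kernel's code. The struct, the function names, the `entry_size` field and the reading of "128k" as 128 * 1024 are assumptions; only `bo_number` and `-EINVAL` come from the advisory.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the advisory's "128k" is read as 128 * 1024 entries. */
#define BO_LIST_MAX_ENTRIES (128u * 1024u)

/* Hypothetical request layout; only the bo_number name is from the page. */
struct bo_list_request {
    uint32_t bo_number;  /* entry count supplied by userspace */
    uint32_t entry_size; /* bytes per entry (hypothetical field) */
};

/* Before: overflow check only. Any count whose byte size does not wrap
 * is accepted, however large the resulting allocation would be. */
static int bo_list_size_overflow_only(const struct bo_list_request *req,
                                      size_t *bytes)
{
    if (req->entry_size != 0 && req->bo_number > SIZE_MAX / req->entry_size)
        return -EINVAL;
    *bytes = (size_t)req->bo_number * req->entry_size;
    return 0;
}

/* After: reject counts above the hard limit before sizing anything. */
static int bo_list_size_capped(const struct bo_list_request *req,
                               size_t *bytes)
{
    if (req->bo_number > BO_LIST_MAX_ENTRIES)
        return -EINVAL;
    return bo_list_size_overflow_only(req, bytes);
}

int main(void)
{
    /* Constructed sample counts, 16-byte entries (constructed size). */
    const uint32_t counts[] = { 4096, BO_LIST_MAX_ENTRIES, 200000, UINT32_MAX };
    for (size_t i = 0; i < sizeof(counts) / sizeof(counts[0]); i++) {
        struct bo_list_request req = { counts[i], 16 };
        size_t before = 0, after = 0;
        int rc_before = bo_list_size_overflow_only(&req, &before);
        int rc_after = bo_list_size_capped(&req, &after);
        printf("bo_number=%u before: rc=%d bytes=%zu | after: rc=%d bytes=%zu\n",
               (unsigned)counts[i], rc_before, before, rc_after, after);
    }
    return 0;
}
```

On a 64-bit build the overflow-only path accepts every 32-bit count, which is why a separate upper bound on the count is needed.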


How can this vulnerability impact me?

This vulnerability can impact you by allowing an attacker or a malicious userspace application to cause resource exhaustion on your system.

By passing an excessively large number of BO list entries, the system could allocate a very large amount of memory (potentially gigabytes), leading to degraded system performance, long processing times, or even system instability.

Such resource exhaustion could be exploited to perform denial-of-service (DoS) attacks, affecting the availability and reliability of the affected system.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that your Linux kernel includes the patch that limits the BO list entry count to 128k entries in the drm/amdgpu driver.

This patch prevents resource exhaustion by rejecting requests with an entry count exceeding the limit, returning -EINVAL.

Therefore, updating your Linux kernel to a version that contains this fix is the immediate step to prevent potential memory exhaustion attacks related to this issue.

