{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-23468","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:37:46.021Z","datePublished":"2026-04-03T15:15:47.207Z","dateUpdated":"2026-05-17T15:21:21.413Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-17T15:21:21.413Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Limit BO list entry count to prevent resource exhaustion\n\nUserspace can pass an arbitrary number of BO list entries via the\nbo_number field. Although the previous multiplication overflow check\nprevents out-of-bounds allocation, a large number of entries could still\ncause excessive memory allocation (up to potentially gigabytes) and\nunnecessarily long list processing times.\n\nIntroduce a hard limit of 128k entries per BO list, which is more than\nsufficient for any realistic use case (e.g., a single list containing all\nbuffers in a large scene). This prevents memory exhaustion attacks and\nensures predictable performance.\n\nReturn -EINVAL if the requested entry count exceeds the limit\n\n(cherry picked from commit 688b87d39e0aa8135105b40dc167d74b5ada5332)"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c"],"versions":[{"version":"d38ceaf99ed015f2a0b9af3499791bd3a3daae21","lessThan":"e620378aab78d415bd8a15a2f91c145906520288","status":"affected","versionType":"git"},{"version":"d38ceaf99ed015f2a0b9af3499791bd3a3daae21","lessThan":"2723e6851309531ce61aed74e93a0cd268cc862a","status":"affected","versionType":"git"},{"version":"d38ceaf99ed015f2a0b9af3499791bd3a3daae21","lessThan":"5ce4a38e6c2488949e373d5066303f9c128db614","status":"affected","versionType":"git"},{"version":"d38ceaf99ed015f2a0b9af3499791bd3a3daae21","lessThan":"f462624a6e4b5f1ec2664c2c53e408b2f4fb53e9","status":"affected","versionType":"git"},{"version":"d38ceaf99ed015f2a0b9af3499791bd3a3daae21","lessThan":"6270b1a5dab94665d7adce3dc78bc9066ed28bdd","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c"],"versions":[{"version":"4.2","status":"affected"},{"version":"0","lessThan":"4.2","status":"unaffected","versionType":"semver"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.20","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.10","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2","versionEndExcluding":"6.6.140"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2","versionEndExcluding":"6.12.86"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2","versionEndExcluding":"6.18.20"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2","versionEndExcluding":"6.19.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/e620378aab78d415bd8a15a2f91c145906520288"},{"url":"https://git.kernel.org/stable/c/2723e6851309531ce61aed74e93a0cd268cc862a"},{"url":"https://git.kernel.org/stable/c/5ce4a38e6c2488949e373d5066303f9c128db614"},{"url":"https://git.kernel.org/stable/c/f462624a6e4b5f1ec2664c2c53e408b2f4fb53e9"},{"url":"https://git.kernel.org/stable/c/6270b1a5dab94665d7adce3dc78bc9066ed28bdd"}],"title":"drm/amdgpu: Limit BO list entry count to prevent resource exhaustion","x_generator":{"engine":"bippy-1.2.0"}}}}