{"id":"CVE-2026-23468","summary":"drm/amdgpu: Limit BO list entry count to prevent resource exhaustion","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Limit BO list entry count to prevent resource exhaustion\n\nUserspace can pass an arbitrary number of BO list entries via the\nbo_number field. Although the previous multiplication overflow check\nprevents out-of-bounds allocation, a large number of entries could still\ncause excessive memory allocation (up to potentially gigabytes) and\nunnecessarily long list processing times.\n\nIntroduce a hard limit of 128k entries per BO list, which is more than\nsufficient for any realistic use case (e.g., a single list containing all\nbuffers in a large scene). This prevents memory exhaustion attacks and\nensures predictable performance.\n\nReturn -EINVAL if the requested entry count exceeds the limit\n\n(cherry picked from commit 688b87d39e0aa8135105b40dc167d74b5ada5332)","modified":"2026-06-03T18:29:25.336748254Z","published":"2026-04-03T15:15:47.207Z","related":["SUSE-SU-2026:2068-1","SUSE-SU-2026:21841-1","SUSE-SU-2026:21845-1","SUSE-SU-2026:21860-1","SUSE-SU-2026:21876-1","SUSE-SU-2026:21877-1","SUSE-SU-2026:21916-1","SUSE-SU-2026:21919-1","SUSE-SU-2026:2217-1","openSUSE-SU-2026:20826-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23468.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2723e6851309531ce61aed74e93a0cd268cc862a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5ce4a38e6c2488949e373d5066303f9c128db614"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6270b1a5dab94665d7adce3dc78bc9066ed28bdd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c833d6c7199c5b5fca9ec95593acd539ec9c171c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e620378aab78d415bd8a15a2f91c145906520288"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f462624a6e4b5f1ec2664c2c53e408b2f4fb53e9"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23468.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23468"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d38ceaf99ed015f2a0b9af3499791bd3a3daae21"},{"fixed":"c833d6c7199c5b5fca9ec95593acd539ec9c171c"},{"fixed":"e620378aab78d415bd8a15a2f91c145906520288"},{"fixed":"2723e6851309531ce61aed74e93a0cd268cc862a"},{"fixed":"5ce4a38e6c2488949e373d5066303f9c128db614"},{"fixed":"f462624a6e4b5f1ec2664c2c53e408b2f4fb53e9"},{"fixed":"6270b1a5dab94665d7adce3dc78bc9066ed28bdd"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23468.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.2.0"},{"fixed":"6.1.175"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.140"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.86"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.20"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.10"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23468.json"}}],"schema_version":"1.7.5"}