PT-2026-30162 · Linux+1 · Linux Kernel+1

Published: 2026-04-03 · Updated: 2026-05-07 · CVE-2026-23468

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a flaw in the drm/amdgpu subsystem where the number of BO list entries is not limited. Userspace can provide an arbitrary number of BO list entries via the bo number field. While a previous check prevents out-of-bounds allocation, a large number of entries can lead to excessive memory allocation, potentially reaching gigabytes, and prolonged list processing times. A limit of 128k entries per BO list has been introduced to prevent resource exhaustion and maintain predictable performance. The function returns -EINVAL if the entry count exceeds this limit.
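
The two checks the description contrasts, as an added userspace example that is not the kernel's code: an overflow-only guard accepts a count that sizes a multi-gigabyte allocation, while a capped guard rejects it with -EINVAL. The names `bo_entry`, `check_overflow_only` and `check_with_cap` and the 8-byte entry size are assumptions, and "128k" is read as 128 * 1024.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the page's "128k" is read as 128 * 1024 entries. */
#define BO_LIST_MAX_ENTRIES (128u * 1024u)

/* Hypothetical 8-byte per-entry record copied from userspace. */
struct bo_entry {
    uint32_t handle;
    uint32_t priority;
};

/* Earlier guard only: reject counts whose byte size would overflow. */
static int check_overflow_only(uint32_t bo_number, size_t *bytes)
{
    size_t n = bo_number;

    if (n > SIZE_MAX / sizeof(struct bo_entry))
        return -EINVAL;
    *bytes = n * sizeof(struct bo_entry);
    return 0;
}

/* With the cap: bound the count first, then size the allocation. */
static int check_with_cap(uint32_t bo_number, size_t *bytes)
{
    if (bo_number > BO_LIST_MAX_ENTRIES)
        return -EINVAL;
    return check_overflow_only(bo_number, bytes);
}

int main(void)
{
    /* Constructed sample counts: at the limit, one over, and 2^28. */
    const uint32_t samples[] = { 131072u, 131073u, 1u << 28 };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        size_t a = 0, b = 0;
        int r1 = check_overflow_only(samples[i], &a);
        int r2 = check_with_cap(samples[i], &b);

        printf("n=%u overflow-only: rc=%d bytes=%zu | capped: rc=%d bytes=%zu\n",
               (unsigned)samples[i], r1, a, r2, b);
    }
    return 0;
}
```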

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2026-23468
ECHO-37BD-48CD-23B4

Affected Products

Linux Kernel
Amdgpu