CVE-2026-23468Allocation of Resources Without Limits or Throttling in Linux

CWE-770Allocation of Resources Without Limits or Throttling8 documents8 sources
Severity
6.9MEDIUM
No vector
EPSS
0.0%
top 94.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedApr 3

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Limit BO list entry count to prevent resource exhaustion Userspace can pass an arbitrary number of BO list entries via the bo_number field. Although the previous multiplication overflow check prevents out-of-bounds allocation, a large number of entries could still cause excessive memory allocation (up to potentially gigabytes) and unnecessarily long list processing times. Introduce a hard limit of 128k entries per

Affected Packages2 packages

Debianlinux/linux_kernel< 6.19.10-1
CVEListV5linux/linuxd38ceaf99ed015f2a0b9af3499791bd3a3daae215ce4a38e6c2488949e373d5066303f9c128db614+3

🔴Vulnerability Details

3
GHSA
GHSA-mgj5-5f6h-8742: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Limit BO list entry count to prevent resource exhaustion Userspace c2026-04-03
CVEList
drm/amdgpu: Limit BO list entry count to prevent resource exhaustion2026-04-03
OSV
CVE-2026-23468: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Limit BO list entry count to prevent resource exhaustion Userspace can2026-04-03

📋Vendor Advisories

3
Red Hat
kernel: drm/amdgpu: Limit BO list entry count to prevent resource exhaustion2026-04-03
Microsoft
drm/amdgpu: Limit BO list entry count to prevent resource exhaustion2026-04-02
Debian
CVE-2026-23468: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu:...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23468 Impact, Exploitability, and Mitigation Steps | Wiz