CVE-2026-23468

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: Limit BO list entry count to prevent resource exhaustion<br /> <br /> Userspace can pass an arbitrary number of BO list entries via the<br /> bo_number field. Although the previous multiplication overflow check<br /> prevents out-of-bounds allocation, a large number of entries could still<br /> cause excessive memory allocation (up to potentially gigabytes) and<br /> unnecessarily long list processing times.<br /> <br /> Introduce a hard limit of 128k entries per BO list, which is more than<br /> sufficient for any realistic use case (e.g., a single list containing all<br /> buffers in a large scene). This prevents memory exhaustion attacks and<br /> ensures predictable performance.<br /> <br /> Return -EINVAL if the requested entry count exceeds the limit<br /> <br /> (cherry picked from commit 688b87d39e0aa8135105b40dc167d74b5ada5332)