Main Vulnerability Database SB2026040660

SB2026040660 - Improper input validation in Linux kernel amd amdgpu driver

Published: April 6, 2026

Security Bulletin ID SB2026040660

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper input validation (CVE-ID: CVE-2026-23468)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper input validation in the amdgpu BO list handling when processing the bo_number field from userspace. A local user can supply an excessive number of BO list entries to cause a denial of service.

The issue can lead to excessive memory allocation and unnecessarily long list processing times.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/5ce4a38e6c2488949e373d5066303f9c128db614
https://git.kernel.org/stable/c/6270b1a5dab94665d7adce3dc78bc9066ed28bdd
https://git.kernel.org/stable/c/f462624a6e4b5f1ec2664c2c53e408b2f4fb53e9