Primary

Context

Linux Kernel AMDGPU BO List Entry Count Limit Vulnerability

Vulnerability

Patched

A resource exhaustion vulnerability has been addressed in the Linux kernel's AMDGPU graphics driver. Userspace could previously send an arbitrary number of buffer object (BO) list entries, potentially leading to excessive memory allocation—up to several gigabytes—and prolonged processing times. The vulnerability has been mitigated by introducing a hard limit of 128,000 entries per BO list, which is adequate for realistic use cases. This change prevents memory exhaustion attacks and ensures consistent performance. The vulnerability was resolved by adding a check that returns an error if the requested entry count exceeds the limit.

Impact

The vulnerability could have been exploited to cause memory exhaustion, leading to excessive memory use and degraded performance.

Added: Apr 3, 2026, 4:48 PM

Updated: Apr 3, 2026, 4:48 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

5.2

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

5.2

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel AMDGPU BO List Entry Count Limit Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating