CVE-2026-45979 drm/amdgpu: clean up the amdgpu_cs_parser_bos

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: clean up the amdgpucsparserbos In low memory conditions, kmalloc can fail. In such conditions unlock the mutex for a clean exit. We do not need to amdgpubolistput as it's been handled in the amdgpucsparserfini...

CVE-2026-23468

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Limit BO list entry count to prevent resource exhaustion Userspace can pass an arbitrary number of BO list entries via the bonumber field. Although the previous multiplication overflow check prevents out-of-bounds...

CVE-2026-23468

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Limit BO list entry count to prevent resource exhaustion Userspace can pass an arbitrary number of BO list entries via the bonumber field. Although the previous multiplication overflow check prevents out-of-bounds...

CVE-2026-23468 drm/amdgpu: Limit BO list entry count to prevent resource exhaustion

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Limit BO list entry count to prevent resource exhaustion Userspace can pass an arbitrary number of BO list entries via the bonumber field. Although the previous multiplication overflow check prevents out-of-bounds...

CVE-2026-23468

CVE-2026-23468 affects the Linux kernel’s DRM/amdgpu BO list handling. The issue was an attacker-controlled bo_number could trigger excessive memory allocation and slow list processing; the fix introduces a hard limit of 128k entries per BO list and returns -EINVAL when exceeded. Connected adviso...

PT-2026-30162

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the drm/amdgpu subsystem where the number of BO list entries is not limited. Userspace can provide an arbitrary number of BO list entries via the bo...

CVE-2025-68749 accel/ivpu: Fix race condition when unbinding BOs

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix race condition when unbinding BOs Fix 'Memory manager not clean during takedown' warning that occurs when ivpugembofree removes the BO from the BOs list before it gets unmapped. Then fileprivunbind triggers a...

CVE-2024-54455

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix general protection fault in ivpubolist Check if ctx is not NULL before accessing its fields...

kernel: drm/amdgpu: Fix use-after-free on amdgpu_bo_list mutex

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free on amdgpubolist mutex If amdgpucsvmhandling returns r != 0, then it will unlock the bolistmutex inside the function amdgpucsvmhandling and again on amdgpucsparserfini. This problem results in the...