CVE-2025-71076

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Limit num_syncs to prevent oversized allocations The OA open parameters did not validate num_syncs, allowing userspace to pass arbitrarily large values, potentially leading to excessive allocations. Add check to ensure that num_syncs does not exceed DRM_XE_MAX_SYNCS, returning -EINVAL when the limit is violated. v2: use XE_IOCTL_DBG() and drop duplicated check. (Ashutosh) (cherry picked from commit e057b2d2b8d815df3858a87dffafa2af37e5945b)

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/338849090ee610ff6d11e5e90857d2c27a4121ab	Patch
https://git.kernel.org/stable/c/b963636331fb4f3f598d80492e2fa834757198eb	Patch
https://git.kernel.org/stable/c/f8dd66bfb4e184c71bd26418a00546ebe7f5c17a	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.13:-::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc7::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc8::::::

History

17 Jun 2026, 10:03

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: drm/xe/oa: Limitar num_syncs para prevenir asignaciones sobredimensionadas Los parámetros de apertura de OA no validaban num_syncs, permitiendo que el espacio de usuario pasara valores arbitrariamente grandes, lo que podría llevar a asignaciones excesivas. Añadir una comprobación para asegurar que num_syncs no exceda DRM_XE_MAX_SYNCS, devolviendo -EINVAL cuando se viola el límite. v2: usar XE_IOCTL_DBG() y eliminar la comprobación duplicada. (Ashutosh) (extraído del commit e057b2d2b8d815df3858a87dffafa2af37e5945b)

25 Mar 2026, 19:00

Type	Values Removed	Values Added
First Time		Linux Linux linux Kernel
CWE		NVD-CWE-noinfo
References	~~() https://git.kernel.org/stable/c/338849090ee610ff6d11e5e90857d2c27a4121ab -~~	() https://git.kernel.org/stable/c/338849090ee610ff6d11e5e90857d2c27a4121ab - Patch
References	~~() https://git.kernel.org/stable/c/b963636331fb4f3f598d80492e2fa834757198eb -~~	() https://git.kernel.org/stable/c/b963636331fb4f3f598d80492e2fa834757198eb - Patch
References	~~() https://git.kernel.org/stable/c/f8dd66bfb4e184c71bd26418a00546ebe7f5c17a -~~	() https://git.kernel.org/stable/c/f8dd66bfb4e184c71bd26418a00546ebe7f5c17a - Patch
CPE		cpe:2.3:o:linux:linux_kernel:6.19:rc1:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.19:rc8:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc7:::::: cpe:2.3:o:linux:linux_kernel:6.13:-::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

13 Jan 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-13 16:16

Updated : 2026-06-17 10:03

NVD link : CVE-2025-71076

Mitre link : CVE-2025-71076

CVE.ORG link : CVE-2025-71076

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10