CVE-2025-71076

13.01.2026, 16:16

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/oa: Limit num_syncs to prevent oversized allocations

The OA open parameters did not validate num_syncs, allowing
userspace to pass arbitrarily large values, potentially
leading to excessive allocations.

Add check to ensure that num_syncs does not exceed DRM_XE_MAX_SYNCS,
returning -EINVAL when the limit is violated.

v2: use XE_IOCTL_DBG() and drop duplicated check. (Ashutosh)

(cherry picked from commit e057b2d2b8d815df3858a87dffafa2af37e5945b)

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bookworm	6.1.159-1 not-affected
bullseye (security)	5.10.247-1 fixed
bookworm (security)	6.1.158-1 fixed
trixie	vulnerable
trixie (security)	vulnerable
forky	vulnerable
sid	6.18.3-1 fixed

References

https://git.kernel.org/stable/c/338849090ee610ff6d11e5e90857d2c27a4121ab

https://git.kernel.org/stable/c/b963636331fb4f3f598d80492e2fa834757198eb

https://git.kernel.org/stable/c/f8dd66bfb4e184c71bd26418a00546ebe7f5c17a