| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2026011326-CVE-2025-71076-19ff@gregkh> Date: Tue, 13 Jan 2026 16:31:34 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-71076: drm/xe/oa: Limit num_syncs to prevent oversized allocations From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Limit num_syncs to prevent oversized allocations The OA open parameters did not validate num_syncs, allowing userspace to pass arbitrarily large values, potentially leading to excessive allocations. Add check to ensure that num_syncs does not exceed DRM_XE_MAX_SYNCS, returning -EINVAL when the limit is violated. v2: use XE_IOCTL_DBG() and drop duplicated check. (Ashutosh) (cherry picked from commit e057b2d2b8d815df3858a87dffafa2af37e5945b) The Linux kernel CVE team has assigned CVE-2025-71076 to this issue. Affected and fixed versions =========================== Issue introduced in 6.12.17 with commit 803d418b73387fda392ddd83eace757ac25cf15d and fixed in 6.12.64 with commit b963636331fb4f3f598d80492e2fa834757198eb Issue introduced in 6.13 with commit c8507a25cebd179db935dd266a33c51bef1b1e80 and fixed in 6.18.3 with commit 338849090ee610ff6d11e5e90857d2c27a4121ab Issue introduced in 6.13 with commit c8507a25cebd179db935dd266a33c51bef1b1e80 and fixed in 6.19-rc2 with commit f8dd66bfb4e184c71bd26418a00546ebe7f5c17a Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-71076 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/xe/xe_oa.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/b963636331fb4f3f598d80492e2fa834757198eb https://git.kernel.org/stable/c/338849090ee610ff6d11e5e90857d2c27a4121ab https://git.kernel.org/stable/c/f8dd66bfb4e184c71bd26418a00546ebe7f5c17a
Powered by blists - more mailing lists