CVE-2025-71076

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-71076

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71076.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-71076

Downstream

BELL-CVE-2025-71076

DEBIAN-CVE-2025-71076

DSA-6126-1

SUSE-SU-2026:0447-1

SUSE-SU-2026:0472-1

SUSE-SU-2026:0587-1

SUSE-SU-2026:20555-1

SUSE-SU-2026:20599-1

SUSE-SU-2026:20615-1

UBUNTU-CVE-2025-71076

USN-8177-1

USN-8177-2

USN-8183-1

USN-8183-2

USN-8245-1

USN-8257-1

openSUSE-SU-2026:20287-1

Related

Published

2026-01-13T15:31:28.759Z

Modified

2026-05-18T05:57:37.966560365Z

Summary

drm/xe/oa: Limit num_syncs to prevent oversized allocations

Details

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/oa: Limit num_syncs to prevent oversized allocations

The OA open parameters did not validate num_syncs, allowing userspace to pass arbitrarily large values, potentially leading to excessive allocations.

Add check to ensure that numsyncs does not exceed DRMXEMAXSYNCS, returning -EINVAL when the limit is violated.

v2: use XEIOCTLDBG() and drop duplicated check. (Ashutosh)

(cherry picked from commit e057b2d2b8d815df3858a87dffafa2af37e5945b)

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71076.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

803d418b73387fda392ddd83eace757ac25cf15d

Fixed

b963636331fb4f3f598d80492e2fa834757198eb

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c8507a25cebd179db935dd266a33c51bef1b1e80

Fixed

338849090ee610ff6d11e5e90857d2c27a4121ab

Fixed

f8dd66bfb4e184c71bd26418a00546ebe7f5c17a

Affected versions

v6.*

v6.12.17

v6.12.18

v6.12.19

v6.12.20

v6.12.21

v6.12.22

v6.12.23

v6.12.24

v6.12.25

v6.12.26

v6.12.27

v6.12.28

v6.12.29

v6.12.30

v6.12.31

v6.12.32

v6.12.33

v6.12.34

v6.12.35

v6.12.36

v6.12.37

v6.12.38

v6.12.39

v6.12.40

v6.12.41

v6.12.42

v6.12.43

v6.12.44

v6.12.45

v6.12.46

v6.12.47

v6.12.48

v6.12.49

v6.12.50

v6.12.51

v6.12.52

v6.12.53

v6.12.54

v6.12.55

v6.12.56

v6.12.57

v6.12.58

v6.12.59

v6.12.60

v6.12.61

v6.12.62

v6.12.63

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71076.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.64

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.18.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71076.json"