CVE-2025-68802 — Improper Validation of Specified Quantity in Input in Linux
Severity
6.4 MEDIUM
No vector
EPSS
0.0%
top 93.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 13
Latest update: Apr 17
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Limit num_syncs to prevent oversized allocations
The exec and vm_bind ioctl allow userspace to specify an arbitrary
num_syncs value. Without bounds checking, a very large num_syncs
can force an excessively large allocation, leading to kernel warnings
from the page allocator as below.
Introduce DRM_XE_MAX_SYNCS (set to 1024) and reject any request
exceeding this limit.
"
------------[ cut here ]------------
WARNING: C…
Affected Packages (7 packages)
CVEListV5: linux/linux dd08ebf6c3525a7ea2186e636df064ea47281987 — e281d1fd6903a081ef023c341145ae92258e38d2 (+3)
Vulnerability Details (3)
OSV
CVE-2025-68802: In the Linux kernel, the following vulnerability has been resolved: drm/xe: Limit num_syncs to prevent oversized allocations The exec and vm_bind ioct… (2026-01-13)
GHSA
GHSA-8fv4-2ccq-j7r8: In the Linux kernel, the following vulnerability has been resolved: drm/xe: Limit num_syncs to prevent oversized allocations The exec and vm_bind io… (2026-01-13)
Vendor Advisories (5)
Debian
CVE-2025-68802: linux - In the Linux kernel, the following vulnerability has been resolved: drm/xe: Lim... (2025)