CVE-2025-71076 — Allocation of Resources Without Limits or Throttling in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 13
Latest updateApr 17
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/oa: Limit num_syncs to prevent oversized allocations
The OA open parameters did not validate num_syncs, allowing
userspace to pass arbitrarily large values, potentially
leading to excessive allocations.
Add check to ensure that num_syncs does not exceed DRM_XE_MAX_SYNCS,
returning -EINVAL when the limit is violated.
v2: use XE_IOCTL_DBG() and drop duplicated check. (Ashutosh)
(cherry picked from commit e057b2d2b8d815…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages8 packages
▶CVEListV5linux/linux803d418b73387fda392ddd83eace757ac25cf15d — b963636331fb4f3f598d80492e2fa834757198eb+3
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-q2h7-93p4-2gqf: In the Linux kernel, the following vulnerability has been resolved:
drm/xe/oa: Limit num_syncs to prevent oversized allocations
The OA open paramete↗2026-01-13
OSV▶
CVE-2025-71076: In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Limit num_syncs to prevent oversized allocations The OA open parameters↗2026-01-13
📋Vendor Advisories
5Debian▶
CVE-2025-71076: linux - In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: ...↗2025