CVE-2025-68802

Publication date: 2026-01-13

Last updated on: 2026-01-14

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

drm/xe: Limit num_syncs to prevent oversized allocations

The exec and vm_bind ioctl allow userspace to specify an arbitrary num_syncs value. Without bounds checking, a very large num_syncs can force an excessively large allocation, leading to kernel warnings from the page allocator as below.

Introduce DRM_XE_MAX_SYNCS (set to 1024) and reject any request exceeding this limit.

"
------------[ cut here ]------------
WARNING: CPU: 0 PID: 1217 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x2f8/0x2180 mm/page_alloc.c:5124
...
Call Trace:
 <TASK>
 alloc_pages_mpol+0xe4/0x330 mm/mempolicy.c:2416
 ___kmalloc_large_node+0xd8/0x110 mm/slub.c:4317
 __kmalloc_large_node_noprof+0x18/0xe0 mm/slub.c:4348
 __do_kmalloc_node mm/slub.c:4364 [inline]
 __kmalloc_noprof+0x3d4/0x4b0 mm/slub.c:4388
 kmalloc_noprof include/linux/slab.h:909 [inline]
 kmalloc_array_noprof include/linux/slab.h:948 [inline]
 xe_exec_ioctl+0xa47/0x1e70 drivers/gpu/drm/xe/xe_exec.c:158
 drm_ioctl_kernel+0x1f1/0x3e0 drivers/gpu/drm/drm_ioctl.c:797
 drm_ioctl+0x5e7/0xc50 drivers/gpu/drm/drm_ioctl.c:894
 xe_drm_ioctl+0x10b/0x170 drivers/gpu/drm/xe/xe_device.c:224
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:598 [inline]
 __se_sys_ioctl fs/ioctl.c:584 [inline]
 __x64_sys_ioctl+0x18b/0x210 fs/ioctl.c:584
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xbb/0x380 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
...
"

v2: Add "Reported-by" and Cc stable kernels.
v3: Change XE_MAX_SYNCS from 64 to 1024. (Matt & Ashutosh)
v4: s/XE_MAX_SYNCS/DRM_XE_MAX_SYNCS/ (Matt)
v5: Do the check at the top of the exec func. (Matt)

(cherry picked from commit b07bac9bd708ec468cd1b8a5fe70ae2ac9b0a11c)

Meta Information
Published: 2026-01-13
Last Modified: 2026-01-14
Generated: 2026-05-27
AI Q&A: 2026-01-14
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
linux_kernel | linux_kernel | to 3.13.0 (inc)
CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the Linux kernel to a version that includes the fix which limits the num_syncs value to DRM_XE_MAX_SYNCS (1024). This prevents userspace from specifying an excessively large num_syncs value that causes oversized allocations. Until the kernel is updated, monitoring for the kernel warnings and restricting untrusted userspace access to the drm/xe driver ioctl interfaces can reduce risk.


Can you explain this vulnerability to me?

This vulnerability in the Linux kernel's drm/xe component allows userspace to specify an arbitrary num_syncs value via the exec and vm_bind ioctl calls. Without proper bounds checking, a very large num_syncs value can cause the kernel to attempt an excessively large memory allocation, leading to kernel warnings and potential instability. The fix introduces a limit (DRM_XE_MAX_SYNCS set to 1024) to reject requests exceeding this value, preventing oversized allocations.


How can this vulnerability impact me?

If exploited, this vulnerability can cause the Linux kernel to perform excessively large memory allocations, which may lead to kernel warnings, degraded system performance, or potential denial of service due to resource exhaustion.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring kernel logs for warnings related to oversized allocations triggered by the drm/xe driver. Specifically, look for kernel warnings similar to the following message in dmesg or /var/log/kern.log:

"WARNING: CPU: ... at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x2f8/0x2180"

You can use the command:

sudo dmesg | grep -i 'WARNING: CPU' | grep -i 'mm/page_alloc.c'

or

sudo journalctl -k | grep -i 'WARNING: CPU' | grep -i 'mm/page_alloc.c'

to detect whether such warnings have occurred. These filters match any page allocator warning, so confirm that the call trace following a hit includes xe_exec_ioctl, as in the trace in the description, before attributing it to oversized num_syncs allocations. The line number and offsets in the message vary by kernel build.
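
The grep filters above only find the WARNING header line. The following added example (not code from this page or from the kernel project) also reads the call trace after each header and reports only warnings that pass through an xe ioctl handler. The sample log is constructed from the advisory's trace, and the frame name xe_vm_bind_ioctl for the vm_bind path is an assumption.

```python
import re

# Header of a page-allocator WARNING splat, as quoted in the advisory.
WARN_RE = re.compile(r"WARNING: CPU: \d+ PID: (\d+) at mm/page_alloc\.c")
# Reliable (not "? "-prefixed) xe ioctl frames. xe_exec_ioctl is in the advisory's
# trace; xe_vm_bind_ioctl is an assumed frame name for the vm_bind path.
XE_FRAME_RE = re.compile(r"(?<!\? )\b(xe_exec_ioctl|xe_vm_bind_ioctl)\+0x")
END_RE = re.compile(r"</TASK>|---\[ end trace")


def find_xe_alloc_warnings(lines):
    """Return (pid, xe_frame) for each page_alloc WARNING whose call trace
    passes through an xe ioctl handler."""
    hits, pid, frame = [], None, None

    def flush():
        if pid is not None and frame is not None:
            hits.append((pid, frame))

    for line in lines:
        header = WARN_RE.search(line)
        if header:
            flush()  # previous splat had no end marker
            pid, frame = int(header.group(1)), None
        elif pid is not None:
            match = XE_FRAME_RE.search(line)
            if match and frame is None:
                frame = match.group(1)
            if END_RE.search(line):
                flush()
                pid, frame = None, None
    flush()
    return hits


# Constructed sample: the advisory's splat (shortened) plus an unrelated warning.
SAMPLE_LOG = """\
kernel: WARNING: CPU: 0 PID: 1217 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x2f8/0x2180
kernel:  <TASK>
kernel:  __kmalloc_noprof+0x3d4/0x4b0 mm/slub.c:4388
kernel:  xe_exec_ioctl+0xa47/0x1e70 drivers/gpu/drm/xe/xe_exec.c:158
kernel:  </TASK>
kernel: WARNING: CPU: 2 PID: 4242 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x2f8/0x2180
kernel:  <TASK>
kernel:  example_other_ioctl+0x40/0x90
kernel:  </TASK>
""".splitlines()

if __name__ == "__main__":
    for pid, frame in find_xe_alloc_warnings(SAMPLE_LOG):
        print(f"page_alloc WARNING via {frame}, PID {pid}")
```

To run it on a live system, pass the lines of `journalctl -k` or `dmesg` output to find_xe_alloc_warnings() in place of SAMPLE_LOG.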

