CVE-2025-71076
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/oa: Limit num_syncs to prevent oversized allocations
The OA open parameters did not validate num_syncs, allowing userspace to pass arbitrarily large values, potentially leading to excessive allocations.
Add check to ensure that num_syncs does not exceed DRM_XE_MAX_SYNCS, returning -EINVAL when the limit is violated.
v2: use XE_IOCTL_DBG() and drop duplicated check. (Ashutosh)
(cherry picked from commit e057b2d2b8d815df3858a87dffafa2af37e5945b)
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.024
Associated Vulnerability
No records found
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234