In the Linux kernel, the following vulnerability has been resolved:

drm/xe: Limit num_syncs to prevent oversized allocations

The exec and vm_bind ioctl allow userspace to specify an arbitrary num_syncs value. Without bounds checking, a very large num_syncs can force an excessively large allocation, leading to kernel warnings from the page allocator as below.

Introduce DRM_XE_MAX_SYNCS (set to 1024) and reject any request exceeding this limit.

"
------------[ cut here ]------------
WARNING: CPU: 0 PID: 1217 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x2f8/0x2180 mm/page_alloc.c:5124
...
Call Trace:
 <TASK>
 alloc_pages_mpol+0xe4/0x330 mm/mempolicy.c:2416
 ___kmalloc_large_node+0xd8/0x110 mm/slub.c:4317
 __kmalloc_large_node_noprof+0x18/0xe0 mm/slub.c:4348
 __do_kmalloc_node mm/slub.c:4364 [inline]
 __kmalloc_noprof+0x3d4/0x4b0 mm/slub.c:4388
 kmalloc_noprof include/linux/slab.h:909 [inline]
 kmalloc_array_noprof include/linux/slab.h:948 [inline]
 xe_exec_ioctl+0xa47/0x1e70 drivers/gpu/drm/xe/xe_exec.c:158
 drm_ioctl_kernel+0x1f1/0x3e0 drivers/gpu/drm/drm_ioctl.c:797
 drm_ioctl+0x5e7/0xc50 drivers/gpu/drm/drm_ioctl.c:894
 xe_drm_ioctl+0x10b/0x170 drivers/gpu/drm/xe/xe_device.c:224
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:598 [inline]
 __se_sys_ioctl fs/ioctl.c:584 [inline]
 __x64_sys_ioctl+0x18b/0x210 fs/ioctl.c:584
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xbb/0x380 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
...
"

v2: Add "Reported-by" and Cc stable kernels.
v3: Change XE_MAX_SYNCS from 64 to 1024. (Matt & Ashutosh)
v4: s/XE_MAX_SYNCS/DRM_XE_MAX_SYNCS/ (Matt)
v5: Do the check at the top of the exec func. (Matt)

(cherry picked from commit b07bac9bd708ec468cd1b8a5fe70ae2ac9b0a11c)
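The bounds check described above, modeled in userspace C as an added example; it is not the kernel patch or the xe driver's code. Only num_syncs and DRM_XE_MAX_SYNCS (1024) come from the commit message; `struct sync_entry`, `MODEL_ALLOC_LIMIT`, the function names and the `-EINVAL` return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define DRM_XE_MAX_SYNCS  1024u        /* limit named in the commit message */
#define MODEL_ALLOC_LIMIT (4ull << 20) /* assumption: 4 MiB stand-in for the largest request the page allocator accepts */

/* Hypothetical per-sync bookkeeping entry; the real driver structure differs. */
struct sync_entry { uint64_t handle, addr, value; uint32_t type, flags; };

/* Bytes that an array of num_syncs entries asks the allocator for. */
static uint64_t syncs_bytes(uint32_t num_syncs)
{
    return (uint64_t)num_syncs * sizeof(struct sync_entry);
}

/* Pre-fix model: the user-controlled count reaches the allocator unchecked.
 * Returns 1 when the request is oversized (the case behind the warning). */
static int unchecked_is_oversized(uint32_t num_syncs)
{
    return syncs_bytes(num_syncs) > MODEL_ALLOC_LIMIT;
}

/* Post-fix model: reject at the top of the handler, before any allocation.
 * -EINVAL is an assumption; the page only says the request is rejected. */
static int exec_checked(uint32_t num_syncs, struct sync_entry **out)
{
    *out = NULL;
    if (num_syncs > DRM_XE_MAX_SYNCS)
        return -EINVAL;
    if (num_syncs == 0)
        return 0;
    *out = calloc(num_syncs, sizeof(**out));
    return *out ? 0 : -ENOMEM;
}

int main(void)
{
    const uint32_t counts[] = { 0, 16, 1024, 1025, 0xffffffffu }; /* constructed inputs */
    for (size_t i = 0; i < sizeof(counts) / sizeof(counts[0]); i++) {
        struct sync_entry *syncs;
        int ret = exec_checked(counts[i], &syncs);
        printf("num_syncs=%u bytes=%llu oversized_unchecked=%d checked_ret=%d\n",
               counts[i], (unsigned long long)syncs_bytes(counts[i]),
               unchecked_is_oversized(counts[i]), ret);
        free(syncs);
    }
    return 0;
}
```

With the cap in place, the largest array the checked path can request in this model is 1024 entries, so the allocation size no longer scales with an arbitrary 32-bit value from userspace.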