PT-2026-2534 · Linux · Linux Kernel

Published: 2025-12-05 · Updated: 2026-05-07 · CVE-2025-68802

CVSS v2.0: 1.7 (Low)
Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains a flaw in the drm/xe subsystem in how the num_syncs parameter of the exec and vm_bind ioctls is handled. Without a bounds check, a large num_syncs value supplied by userspace drives an excessively large memory allocation, which can trigger kernel warnings from the page allocator. The issue is addressed by introducing a limit, DRM_XE_MAX_SYNCS, set to 1024, and rejecting requests that exceed it. The vulnerable code resides in the xe_exec_ioctl function.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
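To illustrate the bounds check the description refers to, the following is an added example written for this page, not the xe driver's own code: it contrasts sizing an allocation from an unbounded userspace count with the fixed form that rejects counts above DRM_XE_MAX_SYNCS. The sync entry struct, the function names and the 4 MiB page-allocator ceiling are assumptions; only the limit name and the value 1024 come from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <errno.h>

#define DRM_XE_MAX_SYNCS 1024            /* limit introduced by the fix */

/* Stand-in (assumed) for the per-sync bookkeeping the ioctl allocates. */
struct xe_sync_entry { uint64_t handle; uint64_t value; uint32_t flags; };

/* Assumed ceiling: with 4 KiB pages and MAX_PAGE_ORDER 10, a single
 * contiguous allocation above 4 MiB cannot be served and the page
 * allocator warns instead of failing quietly. */
#define PAGE_ALLOC_CEILING_BYTES ((size_t)4 << 20)

/* Unbounded sizing as in the vulnerable path: any 32-bit count is
 * accepted, so a hostile num_syncs yields a gigabyte-scale request. */
size_t sync_alloc_bytes_unbounded(uint32_t num_syncs)
{
    return (size_t)num_syncs * sizeof(struct xe_sync_entry);
}

/* Hardened sizing mirroring the fix: counts above the limit are
 * refused with -EINVAL before any allocation is attempted.
 * Returns the byte count on success, a negative errno otherwise. */
long sync_alloc_bytes_bounded(uint32_t num_syncs)
{
    if (num_syncs > DRM_XE_MAX_SYNCS)
        return -EINVAL;
    return (long)(num_syncs * sizeof(struct xe_sync_entry));
}

/* True when a request of this size would exceed the assumed ceiling. */
int exceeds_page_allocator_limit(size_t bytes)
{
    return bytes > PAGE_ALLOC_CEILING_BYTES;
}

int main(void)
{
    size_t big = sync_alloc_bytes_unbounded(UINT32_MAX);
    printf("unbounded num_syncs=0xffffffff -> %zu bytes, over limit: %d\n",
           big, exceeds_page_allocator_limit(big));
    printf("bounded   num_syncs=0xffffffff -> rc=%ld\n",
           sync_alloc_bytes_bounded(UINT32_MAX));
    printf("bounded   num_syncs=%d -> %ld bytes\n", DRM_XE_MAX_SYNCS,
           sync_alloc_bytes_bounded(DRM_XE_MAX_SYNCS));
    return 0;
}
```

Even the largest accepted count (1024 entries) stays a few pages in size, which is why a simple upper bound is enough to keep the allocation well inside what the page allocator serves without warning.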

Exploit

Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

BDU:2026-00708
CVE-2025-68802
OPENSUSE-SU-2026:20287-1
SUSE-SU-2026:0447-1
SUSE-SU-2026:0472-1
SUSE-SU-2026:0587-1
SUSE-SU-2026:20555-1
SUSE-SU-2026:20599-1
SUSE-SU-2026:20615-1
USN-8177-1
USN-8177-2
USN-8183-1
USN-8183-2
USN-8245-1
USN-8257-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu