Linux Kernel DRM/XE Oversized Allocation Vulnerability

A vulnerability in the Linux kernel's Direct Rendering Manager (DRM) for Intel GPUs can lead to oversized memory allocations. The issue arises in the exec and vm_bind ioctls, where userspace can specify an arbitrary num_syncs value. Without proper bounds checking, a large num_syncs can force excessive allocations, causing kernel warnings from the page allocator. This vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability can lead to excessive memory allocations, causing kernel warnings and potentially disrupting system performance.

Reproduction

The vulnerability can be reproduced by sending a request through the exec or vm_bind ioctl with a num_syncs value that exceeds the newly introduced limit of 1024. This will trigger the oversized allocation issue, leading to warnings from the kernel's page allocator.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for updating the kernel can be found in the official Linux kernel documentation.