VYPR
Medium severity5.5NVD Advisory· Published Sep 11, 2025· Updated Jun 17, 2026

CVE-2025-39741

CVE-2025-39741

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/migrate: don't overflow max copy size

With non-page aligned copy, we need to use 4 byte aligned pitch, however the size itself might still be close to our maximum of ~8M, and so the dimensions of the copy can easily exceed the S16_MAX limit of the copy command leading to the following assert:

xe 0000:03:00.0: [drm] Assertion size / pitch <= ((s16)(((u16)~0U) >> 1)) failed! platform: BATTLEMAGE subplatform: 1 graphics: Xe2_HPG 20.01 step A0 media: Xe2_HPM 13.01 step A1 tile: 0 VRAM 10.0 GiB GT: 0 type 1

WARNING: CPU: 23 PID: 10605 at drivers/gpu/drm/xe/xe_migrate.c:673 emit_copy+0x4b5/0x4e0 [xe]

To fix this account for the pitch when calculating the number of current bytes to copy.

(cherry picked from commit 8c2d61e0e916e077fda7e7b8e67f25ffe0f361fc)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.