{"id":"CVE-2025-39741","summary":"drm/xe/migrate: don't overflow max copy size","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/migrate: don't overflow max copy size\n\nWith non-page aligned copy, we need to use 4 byte aligned pitch, however\nthe size itself might still be close to our maximum of ~8M, and so the\ndimensions of the copy can easily exceed the S16_MAX limit of the copy\ncommand leading to the following assert:\n\nxe 0000:03:00.0: [drm] Assertion `size / pitch \u003c= ((s16)(((u16)~0U) \u003e\u003e 1))` failed!\nplatform: BATTLEMAGE subplatform: 1\ngraphics: Xe2_HPG 20.01 step A0\nmedia: Xe2_HPM 13.01 step A1\ntile: 0 VRAM 10.0 GiB\nGT: 0 type 1\n\nWARNING: CPU: 23 PID: 10605 at drivers/gpu/drm/xe/xe_migrate.c:673 emit_copy+0x4b5/0x4e0 [xe]\n\nTo fix this account for the pitch when calculating the number of current\nbytes to copy.\n\n(cherry picked from commit 8c2d61e0e916e077fda7e7b8e67f25ffe0f361fc)","modified":"2026-04-02T12:48:08.009131Z","published":"2025-09-11T16:52:15.353Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39741.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/4126cb327a2e3273c81fcef1c594c5b7b645c44c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7257cc6644d540130a46a61531a07a0517cace89"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39741.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39741"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"270172f64b114451876c1b68912653e72ab99f38"},{"fixed":"7257cc6644d540130a46a61531a07a0517cace89"},{"fixed":"4126cb327a2e3273c81fcef1c594c5b7b645c44c"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39741.json"}}],"schema_version":"1.7.5"}