Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-39741
CVE-2025-39741:
Linux Ubuntu vulnerability analysis and mitigation
Overview
A vulnerability has been identified in the Linux kernel's drm/xe/migrate component (CVE-2025-39741), discovered on September 11, 2025. The issue involves a potential overflow in the maximum copy size calculation when dealing with non-page aligned copies in the DRM subsystem (NVD).
Technical details
The vulnerability occurs in the drm/xe/migrate component where non-page aligned copies require 4-byte aligned pitch. The size can approach the maximum of ~8M, causing the dimensions of the copy to exceed the S16MAX limit of the copy command. This results in an assertion failure: 'size / pitch <= ((s16)(((u16)~0U) >> 1))' in the emitcopy function at drivers/gpu/drm/xe/xe_migrate.c:673 (NVD).
Impact
The vulnerability can lead to system instability and potential denial of service conditions when processing certain graphics operations in the Linux kernel's DRM subsystem (NVD).
Mitigation and workarounds
A fix has been implemented that accounts for the pitch when calculating the number of current bytes to copy. The patch has been cherry-picked from commit 8c2d61e0e916e077fda7e7b8e67f25ffe0f361fc (NVD).
Additional resources
Source: This report was generated using AI
Related Linux Ubuntu vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management