Impact
The Linux kernel’s DRM Xe driver had a flaw in the xe_vm_madvise_ioctl ioctl handler. When the validation routine check_bo_args_are_sane() failed, the code skipped a cleanup path and left virtual memory areas allocated. Each faulty ioctl call therefore leaks kernel memory. Over time this accumulation can exhaust available memory and degrade overall system performance, potentially leading to a denial‑of‑service for all processes sharing the kernel’s memory pool.
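The leak pattern described above, as an added user-space example that is not the Xe driver's code: a validation failure that returns directly, beside the same function routed through a single cleanup label. All names (`madvise_buggy`, `madvise_fixed`, `args_are_sane`, `vma_list`) are hypothetical stand-ins, and a counter of outstanding allocations stands in for leaked kernel memory.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical user-space model; none of these names come from the Xe driver. */
static int live_allocs;                 /* allocations not yet freed */
struct vma_list { int *entries; };

static int alloc_vmas(struct vma_list *l, size_t n) {
    l->entries = calloc(n, sizeof(*l->entries));
    if (!l->entries) return -ENOMEM;
    live_allocs++;
    return 0;
}
static void free_vmas(struct vma_list *l) { free(l->entries); l->entries = NULL; live_allocs--; }

/* Stand-in for the argument validation step: rejects handle 0. */
static int args_are_sane(unsigned handle) { return handle != 0; }

/* Before: a validation failure returns directly and skips the cleanup. */
static int madvise_buggy(unsigned handle) {
    struct vma_list l;
    int err = alloc_vmas(&l, 16);
    if (err) return err;
    if (!args_are_sane(handle))
        return -EINVAL;                 /* leak: l.entries is never freed */
    free_vmas(&l);
    return 0;
}

/* After: every exit taken once the allocation exists passes through out_free. */
static int madvise_fixed(unsigned handle) {
    struct vma_list l;
    int err = alloc_vmas(&l, 16);
    if (err) return err;
    if (!args_are_sane(handle)) { err = -EINVAL; goto out_free; }
    /* the real work on the validated arguments would happen here */
out_free:
    free_vmas(&l);
    return err;
}

/* Call fn with an invalid handle `calls` times; return allocations left behind. */
int leaked_after(int (*fn)(unsigned), int calls) {
    int start = live_allocs;
    for (int i = 0; i < calls; i++) fn(0);
    return live_allocs - start;
}

int main(void) {
    printf("buggy leaked %d, fixed leaked %d\n",
           leaked_after(madvise_buggy, 1000), leaked_after(madvise_fixed, 1000));
    return 0;
}
```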
Affected Systems
Any system running a Linux kernel that includes the DRM Xe driver without the fix identified by commit 29bd06faf contains the bug. This includes all kernel releases that have not incorporated the commit that enforces proper cleanup. Users of older kernels or custom builds that did not apply the fix remain vulnerable.
Risk and Exploitability
The CVSS score is not supplied, and the EPSS score is unavailable; the vulnerability is also not listed in the CISA KEV catalog. Because the error path is triggered after a failed validation of the ioctl arguments, exploitation would typically involve invoking xe_vm_madvise_ioctl with parameters that trigger the failure. Based on the description, it is inferred that an attacker would need local execution privileges sufficient to send the ioctl to the graphics device. No published exploits exist as of the provided data, so while the risk of exploitation is real for systems that can repeatedly trigger the failure, the likelihood of widespread or automated attacks appears limited. Nonetheless, the persistent memory consumption remains a realistic threat to system availability.