Skip to main content

Linux Kernel CVE-2025-71301

| EUVDEUVD-2025-209750 MEDIUM
2026-05-08 Linux GHSA-3965-x5g2-56x2
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 14, 2026 - 21:31 vuln.today
CVSS changed
May 14, 2026 - 19:22 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 14:02 EUVD
CVE Published
May 08, 2026 - 13:15 nvd
MEDIUM 5.5
CVE Published
May 08, 2026 - 13:15 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/tests: shmem: Hold reservation lock around vmap/vunmap

Acquire and release the GEM object's reservation lock around vmap and vunmap operations. The tests use vmap_locked, which led to errors such as show below.

[ 122.292030] WARNING: CPU: 3 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:390 drm_gem_shmem_vmap_locked+0x3a3/0x6f0

[ 122.468066] WARNING: CPU: 3 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:293 drm_gem_shmem_pin_locked+0x1fe/0x350

[ 122.563504] WARNING: CPU: 3 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:234 drm_gem_shmem_get_pages_locked+0x23c/0x370

[ 122.662248] WARNING: CPU: 2 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:452 drm_gem_shmem_vunmap_locked+0x101/0x330

Only export the new vmap/vunmap helpers for Kunit tests. These are not interfaces for regular drivers.

AnalysisAI

Denial of service in Linux kernel DRM GEM shmem helper functions allows local privileged attackers to trigger CPU warnings and system instability via improper reservation lock handling around vmap/vunmap operations. The vulnerability affects Linux 6.16 and multiple stable branches (6.18, 6.19, 7.0) and is resolved in patched versions; exploitation requires local access with limited privileges and produces availability impact through kernel warnings rather than remote compromise.

Technical ContextAI

The vulnerability exists in the DRM (Direct Rendering Manager) graphics subsystem, specifically in the GEM (Graphics Execution Manager) shmem helper module (drivers/gpu/drm/drm_gem_shmem_helper.c). The issue involves vmap/vunmap operations-memory mapping functions used for virtual memory management of graphics objects-that require proper reservation lock synchronization to prevent race conditions and enforce locking invariants. The affected functions (drm_gem_shmem_vmap_locked, drm_gem_shmem_vunmap_locked, drm_gem_shmem_pin_locked, drm_gem_shmem_get_pages_locked) expect callers to acquire a GEM object's reservation lock before execution, but kernel unit tests (Kunit) were calling these _locked variants directly without holding the required lock, triggering CPU warnings (WARN_ON assertions) at lines 390, 293, 234, and 452 respectively.

RemediationAI

Update the Linux kernel to a patched version containing commit e7b7022f11d3cf281c726117478696b83681bf11 (6.18 stable branch), commit 6b953d92f2f29e74b125617c6f00300fa1bed97e (6.19 stable branch), or commit cda83b099f117f2a28a77bf467af934cb39e49cf (7.0 stable branch), as appropriate for your deployment. For distributions maintaining 6.16 mainline kernels, apply the equivalent fix from the Linux kernel repository at https://git.kernel.org/stable/c/. If immediate patching is not feasible, the impact can be mitigated by restricting access to DRM device nodes (/dev/dri/*) via filesystem permissions or AppArmor/SELinux policies, since exploitation requires local user privileges; however, this does not address the underlying kernel code quality issue. System administrators monitoring kernel logs should expect warning messages on affected versions only during DRM graphics operations in Kunit test environments or custom drivers using the internal vmap_locked APIs-these are not warnings for end-user installations unless custom code directly calls these kernel-internal functions.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2025-71301 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy