Skip to main content

Linux Kernel CVE-2025-71307

| EUVDEUVD-2025-209971 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-5prx-qm69-p5pq
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local vector with low-privilege trigger; pure availability impact via kernel panic; no confidentiality or integrity consequence.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 25, 2026 - 21:08 vuln.today
CVSS changed
Jun 25, 2026 - 21:07 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:16 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:16 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug

This patch removes the MCU halt and wait for halt procedures during panthor_fw_unplug() as the MCU can be in a variety of states or the FW may not even be loaded/initialized at all, the latter of which can lead to a NULL pointer dereference.

It should be safe on unplug to just disable the MCU without waiting for it to halt as it may not be able to.

AnalysisAI

NULL pointer dereference in the Linux kernel's drm/panthor subsystem causes a kernel panic and denial of service during GPU firmware unplug operations. The panthor_fw_unplug() function incorrectly attempted MCU halt and wait procedures even when firmware was never loaded or fully initialized, dereferencing a NULL pointer in that code path. Systems running a Panthor-based ARM Mali GPU (using the Panthor DRM driver) are affected across kernel versions from the introduction of the driver up to the fixed stable commits; no public exploit exists and EPSS is at the 5th percentile, indicating negligible opportunistic exploitation probability.

Technical ContextAI

The drm/panthor kernel subsystem provides DRM (Direct Rendering Manager) support for ARM's Panthor GPU architecture, found in newer Mali GPU cores. The driver manages a firmware-driven MCU (Microcontroller Unit) that controls GPU power and scheduling state. CWE-476 (NULL Pointer Dereference) describes the root cause: the unplug path unconditionally called halt and wait-for-halt routines on the MCU object without first verifying that the firmware had been successfully loaded and that the MCU pointer was valid. Because device unplug can occur at any lifecycle stage - including before firmware initialization completes - the MCU object may be NULL at that point. The fix removes the MCU halt and wait steps from panthor_fw_unplug(), relying instead on a simple disable, which is safe regardless of MCU initialization state. Affected CPE: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*.

RemediationAI

The primary fix is to update to Linux kernel 6.19.4 or the 7.0 patch series, which incorporate stable commits 920c6af9 and aab8b8a4 respectively. Distributions shipping affected kernel versions should apply the upstream stable patches. For systems where upgrading is not immediately possible, the most practical compensating control is to prevent the drm/panthor kernel module from loading by adding 'blacklist panthor' to /etc/modprobe.d/, which avoids the vulnerable code path entirely at the cost of disabling Panthor GPU functionality (side effect: GPU acceleration will be unavailable). Restricting local user access to the system also limits exposure, since the attack vector is local (AV:L/PR:L). There are no known workarounds that preserve full GPU functionality without patching.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

CVE-2025-71307 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy