Skip to main content

Linux Kernel CVE-2025-71315

| EUVDEUVD-2025-210081 MEDIUM
2026-06-08 Linux GHSA-rmvc-98rw-854q
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local access to DRM device node with low privilege required; only kernel availability impacted via timer corruption, no confidentiality or integrity effect.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 08, 2026 - 15:28 vuln.today
CVSS changed
Jul 08, 2026 - 14:52 NVD
5.5 (MEDIUM)
Patch available
Jun 08, 2026 - 17:01 EUVD
CVE Published
Jun 08, 2026 - 14:30 nvd
MEDIUM 5.5
CVE Published
Jun 08, 2026 - 14:30 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

drm/vkms: Convert to DRM's vblank timer

Replace vkms' vblank timer with the DRM implementation. The DRM code is identical in concept, but differs in implementation.

Vblank timers are covered in vblank helpers and initializer macros, so remove the corresponding hrtimer in struct vkms_output. The vblank timer calls vkms' custom timeout code via handle_vblank_timeout in struct drm_crtc_helper_funcs.

AnalysisAI

Denial-of-service in the Linux kernel's DRM VKMS (Virtual Kernel Mode Setting) subsystem arises from an improperly managed custom hrtimer used for vblank timing, replaced in the fix by DRM's standard vblank timer implementation. Local users with low-privileged access to the VKMS device can trigger a kernel availability failure - likely a crash or hang - due to the divergent timer lifecycle in struct vkms_output. EPSS is negligible at 0.02% and no active exploitation is confirmed; this is a low-urgency kernel hardening fix affecting development and CI-focused deployments.

Technical ContextAI

VKMS is a software-only, in-kernel DRM driver used primarily for testing and continuous integration pipelines where real GPU hardware is absent. It implements virtual CRTCs with simulated vblank events. The root cause is a custom hrtimer embedded directly in struct vkms_output rather than using the DRM subsystem's standardized vblank timer infrastructure, which is exposed via vblank helpers and initializer macros. This divergence creates a lifecycle mismatch - timer initialization, arming, and teardown differ from what the DRM core expects, potentially leading to use-after-free, double-fire, or missed cancellation conditions that manifest as kernel availability failures. No CWE is assigned by NVD, but the class is most consistent with CWE-362 (race condition) or CWE-416 (use-after-free) in timer management. Affected CPE: cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*.

RemediationAI

Upgrade to Linux kernel 6.19 (mainline) or 6.18.34 (stable series) per the EUVD-confirmed fix versions. The upstream patch commits are available at https://git.kernel.org/stable/c/a0582cc923985c6b72fe871b5f7aa7c682bfc230 and https://git.kernel.org/stable/c/02e2681ffe1addde1fc8c35d05657b16bfa79613. For systems that cannot be upgraded immediately, the most direct compensating control is to prevent the VKMS module from loading by adding 'blacklist vkms' to /etc/modprobe.d/ and running 'dracut -f' or equivalent to update the initramfs - this eliminates the attack surface entirely at the cost of disabling the virtual display driver, which will affect headless test or CI environments that depend on it. No other workarounds are documented by the vendor.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected

Share

CVE-2025-71315 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy