Skip to main content

Linux Kernel EUVDEUVD-2025-209745

| CVE-2025-71296 MEDIUM
2026-05-08 Linux GHSA-pcm3-h7mm-fp3g
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 14, 2026 - 21:30 vuln.today
CVSS changed
May 14, 2026 - 19:22 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 14:02 EUVD
CVE Published
May 08, 2026 - 13:11 nvd
MEDIUM 5.5
CVE Published
May 08, 2026 - 13:11 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/tests: shmem: Hold reservation lock around purge

Acquire and release the GEM object's reservation lock around calls to the object's purge operation. The tests use drm_gem_shmem_purge_locked(), which led to errors such as show below.

[ 58.709128] WARNING: CPU: 1 PID: 1354 at drivers/gpu/drm/drm_gem_shmem_helper.c:515 drm_gem_shmem_purge_locked+0x51c/0x740

Only export the new helper drm_gem_shmem_purge() for Kunit tests. This is not an interface for regular drivers.

AnalysisAI

Denial of service in Linux kernel DRM GEM shmem helper when drm_gem_shmem_purge_locked() is called without properly holding the GEM object's reservation lock, affecting local authenticated users. The vulnerability causes a kernel warning and denial of service condition in the direct rendering manager's shared memory handling code. CVSS 5.5 with low EPSS (0.02%) indicates limited real-world exploitation despite availability of patch. Affected Linux versions prior to kernels with commits cdf8bbbd9017adcfb91ad9a902198d4b507719a9, 8baeee2c1c0cdb3a8eac3b8f38156cce6ee1a69f, and 3f41307d589c2f25d556d47b165df808124cd0c4.

Technical ContextAI

The vulnerability resides in the DRM (Direct Rendering Manager) subsystem's GEM (Graphics Execution Manager) shmem helper module, specifically in the drm_gem_shmem_purge_locked() function located at drivers/gpu/drm/drm_gem_shmem_helper.c. GEM manages graphics memory objects in the Linux kernel's DRM framework. The issue occurs when the purge operation is invoked without acquiring the GEM object's reservation lock (dma_resv), which is a synchronization primitive required to safely manipulate shared memory objects. The Kunit test code was calling the locked variant without holding the necessary lock, violating the locking contract and triggering a kernel warning at line 515 of drm_gem_shmem_helper.c. The fix introduces a public helper drm_gem_shmem_purge() that properly wraps the locked operation with reservation lock acquisition and release for test code.

RemediationAI

Update to a patched Linux kernel version containing commits cdf8bbbd9017adcfb91ad9a902198d4b507719a9, 8baeee2c1c0cdb3a8eac3b8f38156cce6ee1a69f, or 3f41307d589c2f25d556d47b165df808124cd0c4. For stable branches, upgrade to Linux 6.18.16 or later, or 6.19.6 or later. The fix is available from the official Linux kernel repository at https://git.kernel.org/stable/. If immediate patching is not feasible, disable Kunit testing in kernel configurations (CONFIG_DRM_GEM_SHMEM_HELPER_TESTS=n) to eliminate the affected test code path entirely. This configuration change has no impact on production DRM functionality and prevents the test harness from executing the vulnerable code. Backport the fix from the referenced commits if running a custom or enterprise kernel build on versions between 6.16 and the patched versions. Standard distribution kernel updates from major Linux vendors will include this patch in their next stable releases.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2025-209745 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy