
Linux Kernel EUVD-2025-209749

CVE-2025-71300 | MEDIUM | CVSS 3.1: 5.5
2026-05-08 | Linux | GHSA-f29c-vwqv-27x7

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

- May 14, 2026 - 21:31: Analysis Generated (vuln.today)
- May 14, 2026 - 19:22: CVSS changed (NVD), 5.5 (MEDIUM)
- May 08, 2026 - 14:02: Patch available (EUVD)
- May 08, 2026 - 13:15: CVE Published (nvd), MEDIUM 5.5
- May 08, 2026 - 13:15: CVE Published (nvd), UNKNOWN (no severity yet)

Description (NVD)

In the Linux kernel, the following vulnerability has been resolved:

Revert "arm64: zynqmp: Add an OP-TEE node to the device tree"

This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe.

OP-TEE logic in U-Boot automatically injects a reserved-memory node along with optee firmware node to kernel device tree. The injection logic is dependent on that there is no manually defined optee node. Having the node in zynqmp.dtsi effectively breaks OP-TEE's insertion of the reserved-memory node, causing memory access violations during runtime.

Analysis (AI)

Memory access violations occur in the Linux kernel on Xilinx ZynqMP systems when an OP-TEE device tree node is manually defined, because the node prevents U-Boot's OP-TEE injection logic from inserting the reserved-memory node. This affects Linux kernel versions 6.9 through 7.0 on ARM64 ZynqMP platforms, allowing local authenticated users to cause denial of service through runtime memory access faults. Vendor-released patches are available across multiple stable branches (6.12.75, 6.18.16, 6.19.6, 7.0).

Technical Context (AI)

The Linux kernel device tree include file (zynqmp.dtsi) for ARM64 Xilinx ZynqMP platforms contains an OP-TEE node that conflicts with U-Boot's firmware loading mechanism. U-Boot's OP-TEE logic automatically injects both a reserved-memory node and an optee firmware node into the kernel device tree during boot, but only when no optee node is already present. When zynqmp.dtsi includes a manually defined OP-TEE node, U-Boot's injection logic does not run, leaving the reserved-memory node absent from the final device tree passed to the kernel. This causes the kernel to allocate memory without proper reservation, leading to memory access violations when OP-TEE firmware attempts to access its expected reserved region. The fix reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe, which originally added the problematic manual OP-TEE node definition.

Remediation (AI)

Vendor-released patch: Upgrade Linux kernel to version 6.12.75 or later (6.18.16, 6.19.6, 7.0 or newer). The fix reverts the problematic device tree change by removing the manually-defined OP-TEE node from arch/arm64/boot/dts/xilinx/zynqmp.dtsi, restoring U-Boot's ability to properly inject both the reserved-memory and optee firmware nodes during boot. For systems that cannot immediately upgrade, disable OP-TEE in the firmware configuration if not required, or ensure U-Boot is version-aligned with kernel expectations for device tree injection. Apply the specific commits referenced in the stable tree links: eece81eeda10eb42c687399fb5aa69977ae15664 (6.12), 3983ef126e439900bbf419724a9759863c146660 (6.18), 2a833c730d4e8d1cc10953270ce0f3a156145d81 (6.19), or c197179990124f991fca220d97fac56779a02c6d (other branches). Verify that OP-TEE reserved-memory regions are present in the final device tree after kernel boot (via /sys/firmware/devicetree).
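The verification step above can be scripted. The following is an added example, not code from the advisory or the kernel project; it reports whether a device tree has an optee node without a matching reservation. Assumptions: the live tree is read from /sys/firmware/devicetree/base, the firmware node sits at /firmware/optee with compatible "linaro,optee-tz", the reservation is a /reserved-memory child whose name starts with "optee", and the helper names `check_optee_dt` and `make_sample_dt` are hypothetical.

```shell
#!/bin/sh
# Added example: detect the state this advisory describes, an optee
# firmware node present in the device tree with no reserved-memory entry.

# Prints ok | missing-reservation | no-optee and returns 0 | 1 | 2.
# $1 = device tree root; /sys/firmware/devicetree/base on a running system.
check_optee_dt() {
    root=${1:-/sys/firmware/devicetree/base}
    node="$root/firmware/optee"

    # No optee node (or not the OP-TEE binding): nothing to verify.
    if [ ! -f "$node/compatible" ] ||
       ! tr '\0' '\n' < "$node/compatible" | grep -qx 'linaro,optee-tz'; then
        echo no-optee; return 2
    fi

    # Assumption: the reservation is a child of /reserved-memory whose
    # node name starts with "optee" and which carries a reg property.
    for d in "$root"/reserved-memory/optee*; do
        if [ -d "$d" ] && [ -f "$d/reg" ]; then
            echo ok; return 0
        fi
    done
    echo missing-reservation; return 1
}

# Constructed sample trees (not from a real board) so the check runs offline.
# $1 = target directory, $2 = "with" or "without" a reservation.
make_sample_dt() {
    mkdir -p "$1/firmware/optee" "$1/reserved-memory"
    printf 'linaro,optee-tz\0' > "$1/firmware/optee/compatible"
    printf 'smc\0' > "$1/firmware/optee/method"
    if [ "$2" = with ]; then
        mkdir -p "$1/reserved-memory/optee_core@60000000"
        # Placeholder bytes; only the presence of reg is checked.
        printf 'constructed' > "$1/reserved-memory/optee_core@60000000/reg"
    fi
}

demo=$(mktemp -d)
make_sample_dt "$demo/good" with
make_sample_dt "$demo/bad" without
echo "with reservation:    $(check_optee_dt "$demo/good")"
echo "without reservation: $(check_optee_dt "$demo/bad")"
rm -rf "$demo"
```

On a target board, call `check_optee_dt` with no argument to inspect the live tree; a result of `missing-reservation` matches the condition described in this entry.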
