Skip to main content

Linux Kernel EUVDEUVD-2025-209751

| CVE-2025-71302 MEDIUM
2026-05-08 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-x349-38c9-g449
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 14, 2026 - 19:22 vuln.today
CVSS changed
May 14, 2026 - 19:22 NVD
5.5 (MEDIUM)
CVE Published
May 08, 2026 - 14:16 nvd
MEDIUM 5.5
CVE Published
May 08, 2026 - 14:16 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/panthor: fix for dma-fence safe access rules

Commit 506aa8b02a8d6 ("dma-fence: Add safe access helpers and document the rules") details the dma-fence safe access rules. The most common culprit is that drm_sched_fence_get_timeline_name may race with group_free_queue.

AnalysisAI

Race condition in drm/panthor GPU driver violates dma-fence safe access rules, allowing local authenticated users to cause denial of service via timeline name retrieval racing with queue freeing. CVSS 5.5 (local, low complexity) with EPSS 0.02% indicating minimal real-world exploitation likelihood despite active kernel-level flaw.

Technical ContextAI

The vulnerability exists in the Direct Rendering Manager (DRM) Panthor GPU driver subsystem. The root cause is improper synchronization between drm_sched_fence_get_timeline_name() function and group_free_queue() during concurrent access to dma-fence objects. The Linux kernel commit 506aa8b02a8d6 established safe access rules for dma-fence structures to prevent use-after-free and data races. The Panthor driver violated these rules by allowing unsynchronized timeline name retrieval to race with queue freeing operations, violating CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization). This affects the GPU scheduling layer which manages fence objects for hardware command queue synchronization.

RemediationAI

Update to patched Linux kernel versions: 6.18.16 or later for 6.18.x series, 6.19.6 or later for 6.19.x series, or 7.0 or later for 7.0+ series. Apply kernel patch commit ab8c0de60f16d7e0b162ccbbb35fcf1f277c97c2 (accessible via git.kernel.org/stable/c/) which implements proper dma-fence safe access synchronization in drm_sched_fence_get_timeline_name(). No workarounds are available short of kernel upgrade. Distributions should backport the fix to their supported kernel branches. For systems unable to immediately upgrade, monitor GPU scheduler stability and restart GPU applications if timeline queries hang; this is a stability patch rather than a security emergency requiring immediate downtime.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2025-209751 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy