CVE-2025-71296 - Vulnerability Details

- drm/tests: shmem: Hold reservation lock around purge

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/tests: shmem: Hold reservation lock around purge

Acquire and release the GEM object's reservation lock around calls
to the object's purge operation. The tests use
drm_gem_shmem_purge_locked(), which led to errors such as show below.

[ 58.709128] WARNING: CPU: 1 PID: 1354 at drivers/gpu/drm/drm_gem_shmem_helper.c:515 drm_gem_shmem_purge_locked+0x51c/0x740

Only export the new helper drm_gem_shmem_purge() for Kunit tests.
This is not an interface for regular drivers.

Published: 2026-05-08

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A bug in the Linux kernel’s DRM tests triggered a warning by calling the thread‑unsafe purge operation without holding the reservation lock. The failure caused warning messages during test execution but does not expose any functionality to ordinary drivers or end users. The vulnerability was mitigated by replacing the test helper with a new function that correctly handles lock acquisition.

Affected Systems

The issue affects the Linux kernel’s DRM subsystem test suite, specifically those drivers that employ the old shmem purge helper. Only development or continuous‑integration environments that run Kunit tests are directly impacted; normal production kernels remain unaffected.

Risk and Exploitability

The EPSS score is unavailable and the vulnerability is not listed in the CISA KEV catalog, indicating a very low likelihood of exploitation. Because the flaw only manifests in the test framework and requires privileged kernel modification to trigger, the overall risk to typical users is negligible. No known attack path exists for surface‑level exploitation.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`954907f7147dc43e0d1cd4d430c21d143d5fdf55`	affected	< cdf8bbbd9017adcfb91ad9a902198d4b507719a9
`954907f7147dc43e0d1cd4d430c21d143d5fdf55`	affected	< 8baeee2c1c0cdb3a8eac3b8f38156cce6ee1a69f
`954907f7147dc43e0d1cd4d430c21d143d5fdf55`	affected	< 3f41307d589c2f25d556d47b165df808124cd0c4

Linux

affected

Version	Status	Constraints
`6.16`	affected	—
`0`	unaffected	< 6.16
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[954907f7147dc43e0d1cd4d430c21d143d5fdf55,cdf8bbbd9017adcfb91ad9a902198d4b507719a9)`	affected	code_commit	—
`[954907f7147dc43e0d1cd4d430c21d143d5fdf55,8baeee2c1c0cdb3a8eac3b8f38156cce6ee1a69f)`	affected	code_commit	—
`[954907f7147dc43e0d1cd4d430c21d143d5fdf55,3f41307d589c2f25d556d47b165df808124cd0c4)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.16`	affected	semver	—
`[0,6.16)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update to a kernel release that contains the patch referenced in commit 3f41307d589c2f25d556d47b165df808124cd0c4.
Configure the build to exclude the old shmem purge helper by using the new drm_gem_shmem_purge() helper or by disabling the Kunit test that exercised it.
Review and monitor kernel test logs for warnings similar to the one shown, ensuring that no regressions re‑introduce the failure.

Generated by OpenCVE AI on May 8, 2026 at 15:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/3f41307d589c2f25d556d47b165df808124cd0c4
https://git.kernel.org/stable/c/8baeee2c1c0cdb3a8eac3b8f38156cce6ee1a69f
https://git.kernel.org/stable/c/cdf8bbbd9017adcfb91ad9a902198d4b507719a9

History

Fri, 08 May 2026 15:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-362

Fri, 08 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around purge Acquire and release the GEM object's reservation lock around calls to the object's purge operation. The tests use drm_gem_shmem_purge_locked(), which led to errors such as show below. [ 58.709128] WARNING: CPU: 1 PID: 1354 at drivers/gpu/drm/drm_gem_shmem_helper.c:515 drm_gem_shmem_purge_locked+0x51c/0x740 Only export the new helper drm_gem_shmem_purge() for Kunit tests. This is not an interface for regular drivers.
Title		drm/tests: shmem: Hold reservation lock around purge
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/3f41307d589c2f25d556d47b165df808124cd0c4 https://git.kernel.org/stable/c/8baeee2c1c0cdb3a8eac3b8f38156cce6ee1a69f https://git.kernel.org/stable/c/cdf8bbbd9017adcfb91ad9a902198d4b507719a9

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T13:11:08.251Z

Updated: 2026-05-08T13:11:08.251Z

Reserved: 2026-05-06T11:31:45.510Z

Link: CVE-2025-71296

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T14:16:30.887

Modified: 2026-05-08T14:16:30.887

Link: CVE-2025-71296

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T15:15:10Z

Weaknesses

CWE-362

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object