CVE-2025-71296 - Vulnerability Details

- drm/tests: shmem: Hold reservation lock around purge

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/tests: shmem: Hold reservation lock around purge

Acquire and release the GEM object's reservation lock around calls
to the object's purge operation. The tests use
drm_gem_shmem_purge_locked(), which led to errors such as show below.

[ 58.709128] WARNING: CPU: 1 PID: 1354 at drivers/gpu/drm/drm_gem_shmem_helper.c:515 drm_gem_shmem_purge_locked+0x51c/0x740

Only export the new helper drm_gem_shmem_purge() for Kunit tests.
This is not an interface for regular drivers.

Published: 2026-05-08

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A bug in the Linux kernel’s DRM test suite caused calls to the purge operation without holding the necessary reservation lock. This race fault triggers warning messages during Kunit test execution and is classified as a CWE‑413 weakness (Race Condition). The flaw does not provide any operational impact to regular drivers or end users, as it is confined to test code that is not exported for production use.

Affected Systems

The issue affects the Linux kernel’s DRM subsystem test suite, specifically the shmem purge helper used in Kunit tests. Only development or continuous‑integration environments that run these tests are directly impacted; normal production kernels remain unaffected.

Risk and Exploitability

The EPSS score is < 1% and the vulnerability is not listed in the CISA KEV catalog, indicating a very low likelihood of exploitation. Because the flaw only manifests in the test framework and requires privileged kernel modification to trigger, the overall risk to typical users is negligible. No known attack path exists for surface‑level exploitation.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`954907f7147dc43e0d1cd4d430c21d143d5fdf55`	affected	< cdf8bbbd9017adcfb91ad9a902198d4b507719a9
`954907f7147dc43e0d1cd4d430c21d143d5fdf55`	affected	< 8baeee2c1c0cdb3a8eac3b8f38156cce6ee1a69f
`954907f7147dc43e0d1cd4d430c21d143d5fdf55`	affected	< 3f41307d589c2f25d556d47b165df808124cd0c4

Linux

affected

Version	Status	Constraints
`6.16`	affected	—
`0`	unaffected	< 6.16
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[954907f7147dc43e0d1cd4d430c21d143d5fdf55,cdf8bbbd9017adcfb91ad9a902198d4b507719a9)`	affected	code_commit	—
`[954907f7147dc43e0d1cd4d430c21d143d5fdf55,8baeee2c1c0cdb3a8eac3b8f38156cce6ee1a69f)`	affected	code_commit	—
`[954907f7147dc43e0d1cd4d430c21d143d5fdf55,3f41307d589c2f25d556d47b165df808124cd0c4)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.16`	affected	semver	—
`[0,6.16)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update to a kernel release that contains the patch referenced in commit 3f41307d589c2f25d556d47b165df808124cd0c4.
Configure the build to exclude the old shmem purge helper by using the new drm_gem_shmem_purge() helper or by disabling the Kunit test that exercised it.
Review and monitor kernel test logs for warnings similar to the one shown, ensuring that no regressions re‑introduce the failure.

Generated by OpenCVE AI on May 14, 2026 at 20:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/3f41307d589c2f25d556d47b165df808124cd0c4
https://git.kernel.org/stable/c/8baeee2c1c0cdb3a8eac3b8f38156cce6ee1a69f
https://git.kernel.org/stable/c/cdf8bbbd9017adcfb91ad9a902198d4b507719a9
https://lore.kernel.org/linux-cve-announce/2026050846-CVE-2025-71296-e1b1@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-71296
https://www.cve.org/CVERecord?id=CVE-2025-71296

History

Thu, 14 May 2026 19:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo

Sat, 09 May 2026 03:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-362

Sat, 09 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-413
References		https://lore.kernel.org/linux-cve-announce/2026050846-CVE-2025-71296-e1b1@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-71296 https://www.cve.org/CVERecord?id=CVE-2025-71296
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Fri, 08 May 2026 15:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-362

Fri, 08 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around purge Acquire and release the GEM object's reservation lock around calls to the object's purge operation. The tests use drm_gem_shmem_purge_locked(), which led to errors such as show below. [ 58.709128] WARNING: CPU: 1 PID: 1354 at drivers/gpu/drm/drm_gem_shmem_helper.c:515 drm_gem_shmem_purge_locked+0x51c/0x740 Only export the new helper drm_gem_shmem_purge() for Kunit tests. This is not an interface for regular drivers.
Title		drm/tests: shmem: Hold reservation lock around purge
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/3f41307d589c2f25d556d47b165df808124cd0c4 https://git.kernel.org/stable/c/8baeee2c1c0cdb3a8eac3b8f38156cce6ee1a69f https://git.kernel.org/stable/c/cdf8bbbd9017adcfb91ad9a902198d4b507719a9

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T13:11:08.251Z

Updated: 2026-05-11T21:57:27.350Z

Reserved: 2026-05-06T11:31:45.510Z

Link: CVE-2025-71296

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-08T14:16:30.887

Modified: 2026-05-14T19:21:57.783

Link: CVE-2025-71296

Redhat

Severity : Moderate

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2025-71296 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-14T21:00:13Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object