Description
In the Linux kernel, the following vulnerability has been resolved:

drm/tests: shmem: Hold reservation lock around madvise

Acquire and release the GEM object's reservation lock around calls
to the object's madvide operation. The tests use
drm_gem_shmem_madvise_locked(), which led to errors such as show below.

[ 58.339389] WARNING: CPU: 1 PID: 1352 at drivers/gpu/drm/drm_gem_shmem_helper.c:499 drm_gem_shmem_madvise_locked+0xde/0x140

Only export the new helper drm_gem_shmem_madvise() for Kunit tests.
This is not an interface for regular drivers.
Published: 2026-05-08
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An issue in the Linux kernel’s DRM shmem tests causes the GEM object’s reservation lock to be released while the madvise operation is in progress, leading to a race condition that triggers kernel warning messages and can potentially corrupt kernel state or cause a crash. The flaw is confined to the test helper function and does not affect normal driver operation.

Affected Systems

The vulnerability exists in the Linux kernel’s DRM shmem module. All builds that include the unpatched test helper function are affected; this includes development or test environments that compile the original drm_gem_shmem_madvise_locked function. Production configurations that omit these test helpers are unlikely to be impacted.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, indicating that known exploitation is not currently documented. Because the flaw resides in a testing helper function rather than a publicly exposed interface, the practical attack surface is limited. However, a privileged user who can trigger the test code could potentially induce kernel instability. The CVSS score is not supplied, so the severity remains uncertain but is considered low to moderate under the given constraints.

Generated by OpenCVE AI on May 8, 2026 at 15:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that surrounds madvise calls with the reservation lock, replacing the problematic drm_gem_shmem_madvise_locked implementation with the updated drm_gem_shmem_madvise helper.
  • Disable or remove any build configurations that enable the old shmem test helper from the kernel when running in a production environment.
  • Keep the Linux kernel updated to versions that include this fix, and verify that all test builds use the new helper function.

Generated by OpenCVE AI on May 8, 2026 at 15:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 08 May 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Fri, 08 May 2026 13:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around madvise Acquire and release the GEM object's reservation lock around calls to the object's madvide operation. The tests use drm_gem_shmem_madvise_locked(), which led to errors such as show below. [ 58.339389] WARNING: CPU: 1 PID: 1352 at drivers/gpu/drm/drm_gem_shmem_helper.c:499 drm_gem_shmem_madvise_locked+0xde/0x140 Only export the new helper drm_gem_shmem_madvise() for Kunit tests. This is not an interface for regular drivers.
Title drm/tests: shmem: Hold reservation lock around madvise
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-08T13:11:09.797Z

Reserved: 2026-05-06T11:31:45.510Z

Link: CVE-2025-71298

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-08T14:16:31.153

Modified: 2026-05-08T14:16:31.153

Link: CVE-2025-71298

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-08T15:15:10Z

Weaknesses