CVE-2025-71300 - Vulnerability Details

- Revert "arm64: zynqmp: Add an OP-TEE node to the device tree"

Description

In the Linux kernel, the following vulnerability has been resolved:

Revert "arm64: zynqmp: Add an OP-TEE node to the device tree"

This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe.

OP-TEE logic in U-Boot automatically injects a reserved-memory
node along with optee firmware node to kernel device tree.
The injection logic is dependent on that there is no manually
defined optee node. Having the node in zynqmp.dtsi effectively
breaks OP-TEE's insertion of the reserved-memory node, causing
memory access violations during runtime.

Published: 2026-05-08

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is triggered when an OP‑TEE node is manually defined in the ZynqMP device tree. In normal operation, the OP‑TEE bootloader injects a reserved‑memory node and the firmware node into the kernel device tree. If a device tree already contains an OP‑TEE node, that injection is blocked and the kernel attempts to access memory regions that were never allocated, resulting in a runtime memory access violation. This fault can crash the kernel or allow an attacker to execute code with elevated privileges.

Affected Systems

The issue affects Linux kernel deployments on Xilinx ZynqMP platforms where the default device tree includes an OP‑TEE node without the revert commit applied. Any kernel that contains the added OP‑TEE entry in zynqmp.dtsi and does not revert that change is at risk; no specific version range is listed and the workaround is to ensure the revert is present.

Risk and Exploitability

The CVSS score is not disclosed and EPSS is unavailable, so formal exploitation probability is unknown. The vulnerability is not in the CISA KEV list, indicating no known public exploits at the time of reporting. Nevertheless, kernel memory access violations carry a high risk; the likely attack vector involves tampering with the device tree during boot or modifying the U‑Boot environment to prevent the reserved‑memory node from being inserted.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`06d22ed6b6635b17551f386b50bb5aaff9b75fbe`	affected	< eece81eeda10eb42c687399fb5aa69977ae15664
`06d22ed6b6635b17551f386b50bb5aaff9b75fbe`	affected	< 3983ef126e439900bbf419724a9759863c146660
`06d22ed6b6635b17551f386b50bb5aaff9b75fbe`	affected	< 2a833c730d4e8d1cc10953270ce0f3a156145d81
`06d22ed6b6635b17551f386b50bb5aaff9b75fbe`	affected	< c197179990124f991fca220d97fac56779a02c6d

Linux

affected

Version	Status	Constraints
`6.9`	affected	—
`0`	unaffected	< 6.9
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[06d22ed6b6635b17551f386b50bb5aaff9b75fbe,eece81eeda10eb42c687399fb5aa69977ae15664)`	affected	code_commit	—
`[06d22ed6b6635b17551f386b50bb5aaff9b75fbe,3983ef126e439900bbf419724a9759863c146660)`	affected	code_commit	—
`[06d22ed6b6635b17551f386b50bb5aaff9b75fbe,2a833c730d4e8d1cc10953270ce0f3a156145d81)`	affected	code_commit	—
`[06d22ed6b6635b17551f386b50bb5aaff9b75fbe,c197179990124f991fca220d97fac56779a02c6d)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.9`	affected	generic	—
`[0,6.9)`	unaffected	generic	—
`[6.12.75,6.12.*]`	unaffected	generic	—
`[6.18.16,6.18.*]`	unaffected	generic	—
`[6.19.6,6.19.*]`	unaffected	generic	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply a kernel version that includes the revert commit to remove the OP‑TEE node from zynqmp.dtsi.
Edit the zynqmp.dtsi file to delete the OP‑TEE node if the revert commit cannot be applied.
If a patched kernel is unavailable, rebuild the kernel without the OP‑TEE node or configure U‑Boot to suppress node injection.

Generated by OpenCVE AI on May 9, 2026 at 03:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/2a833c730d4e8d1cc10953270ce0f3a156145d81
https://git.kernel.org/stable/c/3983ef126e439900bbf419724a9759863c146660
https://git.kernel.org/stable/c/c197179990124f991fca220d97fac56779a02c6d
https://git.kernel.org/stable/c/eece81eeda10eb42c687399fb5aa69977ae15664
https://lore.kernel.org/linux-cve-announce/2026050824-CVE-2025-71300-fe93@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-71300
https://www.cve.org/CVERecord?id=CVE-2025-71300

History

Sat, 09 May 2026 02:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-416

Sat, 09 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-909
References		https://lore.kernel.org/linux-cve-announce/2026050824-CVE-2025-71300-fe93@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-71300 https://www.cve.org/CVERecord?id=CVE-2025-71300

Fri, 08 May 2026 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416

Fri, 08 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically injects a reserved-memory node along with optee firmware node to kernel device tree. The injection logic is dependent on that there is no manually defined optee node. Having the node in zynqmp.dtsi effectively breaks OP-TEE's insertion of the reserved-memory node, causing memory access violations during runtime.
Title		Revert "arm64: zynqmp: Add an OP-TEE node to the device tree"
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2a833c730d4e8d1cc10953270ce0f3a156145d81 https://git.kernel.org/stable/c/3983ef126e439900bbf419724a9759863c146660 https://git.kernel.org/stable/c/c197179990124f991fca220d97fac56779a02c6d https://git.kernel.org/stable/c/eece81eeda10eb42c687399fb5aa69977ae15664

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T13:15:21.406Z

Updated: 2026-05-08T13:15:21.406Z

Reserved: 2026-05-08T13:14:33.087Z

Link: CVE-2025-71300

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T14:16:31.387

Modified: 2026-05-08T14:16:31.387

Link: CVE-2025-71300

Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2025-71300 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-09T04:00:14Z

Weaknesses

CWE-909

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object