CVE-2025-71300 - Vulnerability Details

- Revert "arm64: zynqmp: Add an OP-TEE node to the device tree"

Description

In the Linux kernel, the following vulnerability has been resolved:

Revert "arm64: zynqmp: Add an OP-TEE node to the device tree"

This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe.

OP-TEE logic in U-Boot automatically injects a reserved-memory
node along with optee firmware node to kernel device tree.
The injection logic is dependent on that there is no manually
defined optee node. Having the node in zynqmp.dtsi effectively
breaks OP-TEE's insertion of the reserved-memory node, causing
memory access violations during runtime.

Published: 2026-05-08

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is triggered when an OP‑TEE node is manually defined in the ZynqMP device tree. In normal operation, the OP‑TEE bootloader injects a reserved‑memory node and the firmware node into the kernel device tree. If a device tree already contains an OP‑TEE node, that injection is blocked and the kernel attempts to access memory regions that were never allocated, resulting in a runtime memory access violation. This fault can crash the kernel or allow an attacker to execute code with elevated privileges.

Affected Systems

The issue affects Linux kernel deployments on Xilinx ZynqMP platforms where the default device tree includes an OP‑TEE node without the revert commit applied. Any kernel that contains the added OP‑TEE entry in zynqmp.dtsi and does not revert that change is at risk; no specific version range is listed and the workaround is to ensure the revert is present.

Risk and Exploitability

The CVSS score is 5.5, EPSS is <1%, and KEV is not listed, indicating no publicly known exploits at the time of reporting. The moderate severity score reflects the risk of a memory access violation that could crash the kernel or facilitate privilege escalation if an attacker can tamper with the device tree or U‑Boot on a ZynqMP platform. The likely attack vector is manipulating the boot environment to prevent the OP‑TEE node injection, causing the kernel to access unallocated memory.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`06d22ed6b6635b17551f386b50bb5aaff9b75fbe`	affected	< eece81eeda10eb42c687399fb5aa69977ae15664
`06d22ed6b6635b17551f386b50bb5aaff9b75fbe`	affected	< 3983ef126e439900bbf419724a9759863c146660
`06d22ed6b6635b17551f386b50bb5aaff9b75fbe`	affected	< 2a833c730d4e8d1cc10953270ce0f3a156145d81
`06d22ed6b6635b17551f386b50bb5aaff9b75fbe`	affected	< c197179990124f991fca220d97fac56779a02c6d

Linux

affected

Version	Status	Constraints
`6.9`	affected	—
`0`	unaffected	< 6.9
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[06d22ed6b6635b17551f386b50bb5aaff9b75fbe,eece81eeda10eb42c687399fb5aa69977ae15664)`	affected	code_commit	—
`[06d22ed6b6635b17551f386b50bb5aaff9b75fbe,3983ef126e439900bbf419724a9759863c146660)`	affected	code_commit	—
`[06d22ed6b6635b17551f386b50bb5aaff9b75fbe,2a833c730d4e8d1cc10953270ce0f3a156145d81)`	affected	code_commit	—
`[06d22ed6b6635b17551f386b50bb5aaff9b75fbe,c197179990124f991fca220d97fac56779a02c6d)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.9`	affected	generic	—
`[0,6.9)`	unaffected	generic	—
`[6.12.75,6.12.*]`	unaffected	generic	—
`[6.18.16,6.18.*]`	unaffected	generic	—
`[6.19.6,6.19.*]`	unaffected	generic	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply a kernel version that includes the revert commit to remove the OP‑TEE node from zynqmp.dtsi.
Edit the zynqmp.dtsi file to delete the OP‑TEE node if the revert commit cannot be applied.
If a patched kernel is unavailable, rebuild the kernel without the OP‑TEE node or configure U‑Boot to suppress node injection.

Generated by OpenCVE AI on May 14, 2026 at 20:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/2a833c730d4e8d1cc10953270ce0f3a156145d81
https://git.kernel.org/stable/c/3983ef126e439900bbf419724a9759863c146660
https://git.kernel.org/stable/c/c197179990124f991fca220d97fac56779a02c6d
https://git.kernel.org/stable/c/eece81eeda10eb42c687399fb5aa69977ae15664
https://lore.kernel.org/linux-cve-announce/2026050824-CVE-2025-71300-fe93@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-71300
https://www.cve.org/CVERecord?id=CVE-2025-71300

History

Thu, 14 May 2026 19:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Sat, 09 May 2026 02:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-416

Sat, 09 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-909
References		https://lore.kernel.org/linux-cve-announce/2026050824-CVE-2025-71300-fe93@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-71300 https://www.cve.org/CVERecord?id=CVE-2025-71300

Fri, 08 May 2026 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416

Fri, 08 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically injects a reserved-memory node along with optee firmware node to kernel device tree. The injection logic is dependent on that there is no manually defined optee node. Having the node in zynqmp.dtsi effectively breaks OP-TEE's insertion of the reserved-memory node, causing memory access violations during runtime.
Title		Revert "arm64: zynqmp: Add an OP-TEE node to the device tree"
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2a833c730d4e8d1cc10953270ce0f3a156145d81 https://git.kernel.org/stable/c/3983ef126e439900bbf419724a9759863c146660 https://git.kernel.org/stable/c/c197179990124f991fca220d97fac56779a02c6d https://git.kernel.org/stable/c/eece81eeda10eb42c687399fb5aa69977ae15664

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T13:15:21.406Z

Updated: 2026-05-11T21:57:32.050Z

Reserved: 2026-05-08T13:14:33.087Z

Link: CVE-2025-71300

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-08T14:16:31.387

Modified: 2026-05-14T19:10:26.850

Link: CVE-2025-71300

Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2025-71300 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-14T20:45:28Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object