CVE-2025-71301 - Vulnerability Details

- drm/tests: shmem: Hold reservation lock around vmap/vunmap

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/tests: shmem: Hold reservation lock around vmap/vunmap

Acquire and release the GEM object's reservation lock around vmap and
vunmap operations. The tests use vmap_locked, which led to errors such
as show below.

[ 122.292030] WARNING: CPU: 3 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:390 drm_gem_shmem_vmap_locked+0x3a3/0x6f0

[ 122.468066] WARNING: CPU: 3 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:293 drm_gem_shmem_pin_locked+0x1fe/0x350

[ 122.563504] WARNING: CPU: 3 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:234 drm_gem_shmem_get_pages_locked+0x23c/0x370

[ 122.662248] WARNING: CPU: 2 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:452 drm_gem_shmem_vunmap_locked+0x101/0x330

Only export the new vmap/vunmap helpers for Kunit tests. These are
not interfaces for regular drivers.

Published: 2026-05-08

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The defect resides in the DRM shared‑memory test helpers of the Linux kernel, where vmap and vunmap functions are used without holding the GEM object's reservation lock. This oversight triggers kernel warning messages during unit test execution and can introduce inconsistent state if the test harness is run concurrently. The code path affected is confined to the Kunit test suite; it is not exposed through any regular driver or user‑space interface, so no direct security impact is observed for normal operation.

Affected Systems

All Linux kernel builds that compile the drm/gem/shmem Kunit tests and contain the unpatched test helpers are affected. The vulnerability does not affect any specific kernel release or distribution but is present in any custom build that includes the legacy test helpers prior to the patch.

Risk and Exploitability

Because the vulnerable code is exercised only in a controlled testing environment and is not available to production drivers or users, the risk to system integrity, confidentiality, or availability is negligible. The CVSS score of 5.5 indicates a moderate severity, but EPSS data is unavailable and the vulnerability is not listed in CISA’s KEV catalog, reinforcing the low likelihood of exploitation. Updating to a kernel that incorporates the patch eliminates the warning conditions and the associated risk.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`954907f7147dc43e0d1cd4d430c21d143d5fdf55`	affected	< 6b953d92f2f29e74b125617c6f00300fa1bed97e
`954907f7147dc43e0d1cd4d430c21d143d5fdf55`	affected	< e7b7022f11d3cf281c726117478696b83681bf11
`954907f7147dc43e0d1cd4d430c21d143d5fdf55`	affected	< cda83b099f117f2a28a77bf467af934cb39e49cf

Linux

affected

Version	Status	Constraints
`6.16`	affected	—
`0`	unaffected	< 6.16
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[954907f7147dc43e0d1cd4d430c21d143d5fdf55,6b953d92f2f29e74b125617c6f00300fa1bed97e)`	affected	code_commit	—
`[954907f7147dc43e0d1cd4d430c21d143d5fdf55,e7b7022f11d3cf281c726117478696b83681bf11)`	affected	code_commit	—
`[954907f7147dc43e0d1cd4d430c21d143d5fdf55,cda83b099f117f2a28a77bf467af934cb39e49cf)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.16`	affected	semver	—
`[0,6.16)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to a version that contains the patch for the DRM shmem test helpers.
If you build Kunit tests manually, ensure the patched vmap/vunmap helpers are compiled into the test suite.
If a patch cannot be applied immediately, avoid executing the Kunit tests in production‑critical systems and restrict them to isolated development environments.

Generated by OpenCVE AI on May 9, 2026 at 03:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/6b953d92f2f29e74b125617c6f00300fa1bed97e
https://git.kernel.org/stable/c/cda83b099f117f2a28a77bf467af934cb39e49cf
https://git.kernel.org/stable/c/e7b7022f11d3cf281c726117478696b83681bf11
https://lore.kernel.org/linux-cve-announce/2026050825-CVE-2025-71301-e6f6@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-71301
https://www.cve.org/CVERecord?id=CVE-2025-71301

History

Sat, 09 May 2026 02:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-665

Sat, 09 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-413
References		https://lore.kernel.org/linux-cve-announce/2026050825-CVE-2025-71301-e6f6@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-71301 https://www.cve.org/CVERecord?id=CVE-2025-71301
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Fri, 08 May 2026 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-665

Fri, 08 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around vmap/vunmap Acquire and release the GEM object's reservation lock around vmap and vunmap operations. The tests use vmap_locked, which led to errors such as show below. [ 122.292030] WARNING: CPU: 3 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:390 drm_gem_shmem_vmap_locked+0x3a3/0x6f0 [ 122.468066] WARNING: CPU: 3 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:293 drm_gem_shmem_pin_locked+0x1fe/0x350 [ 122.563504] WARNING: CPU: 3 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:234 drm_gem_shmem_get_pages_locked+0x23c/0x370 [ 122.662248] WARNING: CPU: 2 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:452 drm_gem_shmem_vunmap_locked+0x101/0x330 Only export the new vmap/vunmap helpers for Kunit tests. These are not interfaces for regular drivers.
Title		drm/tests: shmem: Hold reservation lock around vmap/vunmap
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/6b953d92f2f29e74b125617c6f00300fa1bed97e https://git.kernel.org/stable/c/cda83b099f117f2a28a77bf467af934cb39e49cf https://git.kernel.org/stable/c/e7b7022f11d3cf281c726117478696b83681bf11

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T13:15:22.100Z

Updated: 2026-05-08T13:15:22.100Z

Reserved: 2026-05-08T13:14:33.087Z

Link: CVE-2025-71301

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T14:16:31.497

Modified: 2026-05-08T14:16:31.497

Link: CVE-2025-71301

Redhat

Severity : Moderate

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2025-71301 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-09T04:00:14Z

Weaknesses

CWE-413

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object