Description
In the Linux kernel, the following vulnerability has been resolved:

drm/vkms: Convert to DRM's vblank timer

Replace vkms' vblank timer with the DRM implementation. The DRM
code is identical in concept, but differs in implementation.

Vblank timers are covered in vblank helpers and initializer macros,
so remove the corresponding hrtimer in struct vkms_output. The
vblank timer calls vkms' custom timeout code via handle_vblank_timeout
in struct drm_crtc_helper_funcs.
Published: 2026-06-08
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel implements a change to use DRM's vblank timer to replace the custom vkms timer. This modification addresses an issue related to timer implementation for virtual KMS outputs and removes the legacy hrtimer from struct vkms_output. The primary impact of the former implementation could have been kernel stability problems and possible denial of service caused by a mis‑timed or corrupted vblank event, but the patch eliminates that risk. No explicit evidence indicates that the change resolves a security vulnerability; it is a functional fix that improves timer reliability.

Affected Systems

The affected component is the Linux kernel’s vkms DRM subsystem that manages virtual graphics outputs. All kernel versions that included the vkms module before this change may have contained the legacy timer implementation. No specific release or version range is provided, so system administrators should assume earlier kernel releases could be impacted.

Risk and Exploitability

The CVSS score is 5.5, EPSS data is not available, and the CISA KEV listing is not included. The description frames the change as a correction rather than an exposed flaw. Consequently, the documented risk appears low and no known exploit is published.

Generated by OpenCVE AI on June 9, 2026 at 04:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Linux kernel that incorporates the vkms vblank timer correction.
  • Verify that the kernel configuration does not enable the legacy vkms timer code paths and that DRM's vblank timer is active.
  • Monitor system logs for vblank timeout or kernel panics to ensure no residual hrtimer leftovers remain.

Generated by OpenCVE AI on June 9, 2026 at 04:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 04:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665
CWE-749

Tue, 09 Jun 2026 02:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-770

Tue, 09 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Mon, 08 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-770

Mon, 08 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer Replace vkms' vblank timer with the DRM implementation. The DRM code is identical in concept, but differs in implementation. Vblank timers are covered in vblank helpers and initializer macros, so remove the corresponding hrtimer in struct vkms_output. The vblank timer calls vkms' custom timeout code via handle_vblank_timeout in struct drm_crtc_helper_funcs.
Title drm/vkms: Convert to DRM's vblank timer
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-09T07:37:22.884Z

Reserved: 2026-05-27T12:23:27.414Z

Link: CVE-2025-71315

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-08T16:16:33.500

Modified: 2026-06-08T16:16:33.500

Link: CVE-2025-71315

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-08T00:00:00Z

Links: CVE-2025-71315 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T04:15:39Z

Weaknesses