CVE-2025-71181
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-31

Last updated on: 2026-03-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: rust_binder: remove spin_lock() in rust_shrink_free_page() When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 ("mm/list_lru: split the lock to per-cgroup scope") into account, and apparently I did not end up running the shrinker callback when I sanity tested the driver before submission. This leads to crashes like the following: ============================================ WARNING: possible recursive locking detected 6.18.0-mainline-maybe-dirty #1 Tainted: G IO -------------------------------------------- kswapd0/68 is trying to acquire lock: ffff956000fa18b0 (&l->lock){+.+.}-{2:2}, at: lock_list_lru_of_memcg+0x128/0x230 but task is already holding lock: ffff956000fa18b0 (&l->lock){+.+.}-{2:2}, at: rust_helper_spin_lock+0xd/0x20 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&l->lock); lock(&l->lock); *** DEADLOCK *** May be due to missing lock nesting notation 3 locks held by kswapd0/68: #0: ffffffff90d2e260 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0x597/0x1160 #1: ffff956000fa18b0 (&l->lock){+.+.}-{2:2}, at: rust_helper_spin_lock+0xd/0x20 #2: ffffffff90cf3680 (rcu_read_lock){....}-{1:2}, at: lock_list_lru_of_memcg+0x2d/0x230 To fix this, remove the spin_lock() call from rust_shrink_free_page().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-31
Last Modified
2026-03-25
Generated
2026-05-06
AI Q&A
2026-01-31
EPSS Evaluated
2026-05-05
NVD
CVE-2025-71181
EUVD
EUVD-2025-206594
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.18
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.18.1 (inc) to 6.18.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a deadlock issue in the Linux kernel's Rust Binder component. Specifically, a spin_lock() call was mistakenly left in the rust_shrink_free_page() function after forward-porting Rust Binder to kernel version 6.18. This caused recursive locking attempts leading to deadlocks and kernel crashes because the lock was being acquired twice by the same task without proper nesting notation. The fix involved removing the spin_lock() call from rust_shrink_free_page().


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to deadlock and crash due to recursive locking in the Rust Binder driver. Such crashes can lead to system instability, potential data loss, and service interruptions on affected systems running the vulnerable kernel version.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring kernel logs for warnings about recursive locking or deadlocks related to rust_binder and spin_lock usage. Specifically, look for messages similar to "WARNING: possible recursive locking detected" and deadlock traces involving rust_helper_spin_lock and kswapd. You can use the command `dmesg | grep -i 'recursive locking'` or `journalctl -k | grep -i 'recursive locking'` to find such messages in the kernel logs.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation is to update the Linux kernel to a version where the spin_lock() call has been removed from rust_shrink_free_page(), as this fix resolves the deadlock issue. Until then, avoid using affected kernel versions or disable the rust_binder feature if possible to prevent the unsafe locking scenario.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart