CVE-2025-71298
Linux Kernel DRM Memory Advice Locking Issue
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel relates to the drm/tests subsystem, specifically involving the shmem (shared memory) and the handling of reservation locks around the madvise operation on GEM objects.
The issue was that the reservation lock for the GEM object was not properly held during calls to the object's madvise operation, which caused errors during testing.
The fix involved acquiring and releasing the GEM object's reservation lock properly around these madvise calls to prevent such errors.
Additionally, a new helper function drm_gem_shmem_madvise() was introduced exclusively for Kunit tests and is not intended as an interface for regular drivers.
How can this vulnerability impact me? :
The vulnerability could lead to errors or instability in the graphics subsystem of the Linux kernel during operations involving shared memory and GEM objects.
Specifically, improper handling of reservation locks around madvise operations might cause warnings or faults in the kernel, potentially affecting system reliability or causing unexpected behavior in GPU-related tasks.
However, this issue was identified in the testing code and fixed by ensuring proper locking, reducing the risk of such impacts in production environments.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability relates to the Linux kernel's drm_gem_shmem_madvise_locked function causing errors when the reservation lock is not properly held around madvise calls.
Detection can involve monitoring system logs for specific warning messages indicating the issue.
- Check kernel logs for warnings similar to: "WARNING: CPU: <cpu_id> PID: <pid> at drivers/gpu/drm/drm_gem_shmem_helper.c:499 drm_gem_shmem_madvise_locked+0xde/0x140" using the command: dmesg | grep drm_gem_shmem_madvise_locked
- Use journalctl to review recent kernel messages: journalctl -k | grep drm_gem_shmem_madvise_locked
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been resolved by ensuring the GEM object's reservation lock is properly acquired and released around madvise calls.
Immediate mitigation steps include updating the Linux kernel to a version that includes this fix.
Avoid using the drm_gem_shmem_madvise_locked function directly in drivers, as the new helper drm_gem_shmem_madvise() is intended only for Kunit tests and not for regular drivers.