CVE-2025-71298
Received Received - Intake
Linux Kernel DRM Memory Advice Locking Issue

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around madvise Acquire and release the GEM object's reservation lock around calls to the object's madvide operation. The tests use drm_gem_shmem_madvise_locked(), which led to errors such as show below. [ 58.339389] WARNING: CPU: 1 PID: 1352 at drivers/gpu/drm/drm_gem_shmem_helper.c:499 drm_gem_shmem_madvise_locked+0xde/0x140 Only export the new helper drm_gem_shmem_madvise() for Kunit tests. This is not an interface for regular drivers.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2025-71298
EUVD
EUVD-2025-209747
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel relates to the drm/tests subsystem, specifically involving the shmem (shared memory) and the handling of reservation locks around the madvise operation on GEM objects.

The issue was that the reservation lock for the GEM object was not properly held during calls to the object's madvise operation, which caused errors during testing.

The fix involved acquiring and releasing the GEM object's reservation lock properly around these madvise calls to prevent such errors.

Additionally, a new helper function drm_gem_shmem_madvise() was introduced exclusively for Kunit tests and is not intended as an interface for regular drivers.

Impact Analysis

The vulnerability could lead to errors or instability in the graphics subsystem of the Linux kernel during operations involving shared memory and GEM objects.

Specifically, improper handling of reservation locks around madvise operations might cause warnings or faults in the kernel, potentially affecting system reliability or causing unexpected behavior in GPU-related tasks.

However, this issue was identified in the testing code and fixed by ensuring proper locking, reducing the risk of such impacts in production environments.

Detection Guidance

This vulnerability relates to the Linux kernel's drm_gem_shmem_madvise_locked function causing errors when the reservation lock is not properly held around madvise calls.

Detection can involve monitoring system logs for specific warning messages indicating the issue.

  • Check kernel logs for warnings similar to: "WARNING: CPU: <cpu_id> PID: <pid> at drivers/gpu/drm/drm_gem_shmem_helper.c:499 drm_gem_shmem_madvise_locked+0xde/0x140" using the command: dmesg | grep drm_gem_shmem_madvise_locked
  • Use journalctl to review recent kernel messages: journalctl -k | grep drm_gem_shmem_madvise_locked
Mitigation Strategies

The vulnerability has been resolved by ensuring the GEM object's reservation lock is properly acquired and released around madvise calls.

Immediate mitigation steps include updating the Linux kernel to a version that includes this fix.

Avoid using the drm_gem_shmem_madvise_locked function directly in drivers, as the new helper drm_gem_shmem_madvise() is intended only for Kunit tests and not for regular drivers.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71298. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart