{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-71298","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-06T11:31:45.510Z","datePublished":"2026-05-08T13:11:09.797Z","dateUpdated":"2026-05-11T21:57:29.659Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:57:29.659Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tests: shmem: Hold reservation lock around madvise\n\nAcquire and release the GEM object's reservation lock around calls\nto the object's madvide operation. The tests use\ndrm_gem_shmem_madvise_locked(), which led to errors such as show below.\n\n[   58.339389] WARNING: CPU: 1 PID: 1352 at drivers/gpu/drm/drm_gem_shmem_helper.c:499 drm_gem_shmem_madvise_locked+0xde/0x140\n\nOnly export the new helper drm_gem_shmem_madvise() for Kunit tests.\nThis is not an interface for regular drivers."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/drm_gem_shmem_helper.c","drivers/gpu/drm/tests/drm_gem_shmem_test.c","include/drm/drm_gem_shmem_helper.h"],"versions":[{"version":"954907f7147dc43e0d1cd4d430c21d143d5fdf55","lessThan":"9cc77691b5fd615625955cedf726da57543088f1","status":"affected","versionType":"git"},{"version":"954907f7147dc43e0d1cd4d430c21d143d5fdf55","lessThan":"07cfcab370da06f26c273306571cbb0bfa3b9c52","status":"affected","versionType":"git"},{"version":"954907f7147dc43e0d1cd4d430c21d143d5fdf55","lessThan":"607d07d8cc0b835a8701259f08a03dc149b79b4f","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/drm_gem_shmem_helper.c","drivers/gpu/drm/tests/drm_gem_shmem_test.c","include/drm/drm_gem_shmem_helper.h"],"versions":[{"version":"6.16","status":"affected"},{"version":"0","lessThan":"6.16","status":"unaffected","versionType":"semver"},{"version":"6.18.16","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.6","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16","versionEndExcluding":"6.18.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16","versionEndExcluding":"6.19.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/9cc77691b5fd615625955cedf726da57543088f1"},{"url":"https://git.kernel.org/stable/c/07cfcab370da06f26c273306571cbb0bfa3b9c52"},{"url":"https://git.kernel.org/stable/c/607d07d8cc0b835a8701259f08a03dc149b79b4f"}],"title":"drm/tests: shmem: Hold reservation lock around madvise","x_generator":{"engine":"bippy-1.2.0"}}}}