From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BDD9D288AD for ; Fri, 8 May 2026 13:15:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778246128; cv=none; b=FS+P2naHlh88HTLHV/3U6UpRxDs/9kuh6MvXAiqrYVeimfbplLTlek8c/FtvzFIaF5v8lKanVXnULr7uT70TXVscB7yYoziHxUHiz8ru1csD7Ch5NqhBx9j99sHfR3E68DY1XqgI6UDV6ZJcKKUj9qdncqGaLKwLwFGm+doAWRQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778246128; c=relaxed/simple; bh=BIXiT6P2L8vHMI5Gur5DpO1mEUTW4SMLlrFGwnEHM7Y=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=gc7w/rcOJBzMPWw4FpTEY3x/qXbtWMbjFSsdv3mQMtjhvslHV7oUyb9Ua2a8EuA+Dsg0tOxoZh1h8ajAqzoRl8qBYApYoca1R+R0lWxQ3lVu6w3FwrYqermJzvkzksK4IKGOr+tDaK/smdYOqUEcay6mCur7+kokE3KtDEWsv5Q= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=gwKZ2GQn; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="gwKZ2GQn" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 50DDAC2BCB0; Fri, 8 May 2026 13:15:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1778246128; bh=BIXiT6P2L8vHMI5Gur5DpO1mEUTW4SMLlrFGwnEHM7Y=; h=From:To:Cc:Subject:Date:Reply-To:From; b=gwKZ2GQnSWRNrmTTTux+GxgL+sn98xzmE+aHXBi4BDrG7zGmoqVBRyiLPYSBiyxVN 9nukGp6/SDluv+CdX07ArxxA0v8+4nlQpNmX305i3KPF72JgniPi61WX0lsrKPuvzr NSRZvo0HEcDu3xJ75SGPTLZcGKNccvk+lkjJy00Y= From: Greg Kroah-Hartman To: linux-cve-announce@vger.kernel.org Cc: Greg Kroah-Hartman Subject: CVE-2025-71301: drm/tests: shmem: Hold reservation lock around vmap/vunmap Date: Fri, 8 May 2026 15:15:26 +0200 Message-ID: <2026050825-CVE-2025-71301-e6f6@gregkh> X-Mailer: git-send-email 2.54.0 Reply-To: , Precedence: bulk X-Mailing-List: linux-cve-announce@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2872; i=gregkh@linuxfoundation.org; h=from:subject:message-id; bh=odf6X6yjZXHmG67Y9c28R501yxwnbu116U7AAXxi2PI=; b=owGbwMvMwCRo6H6F97bub03G02pJDJl/H74NcS/+tjV/2vprL+p1PH4XP2B3W8ufxCHHaFqxJ srjUMX0jlgWBkEmBlkxRZYv23iO7q84pOhlaHsaZg4rE8gQBi5OAZiI/QmGedoLZ+rxNc/w2bmj oup4mfj3TewygQzzXTdfv8nOeevEwdab3x8Xna6PjlbYBQA= X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Content-Transfer-Encoding: 8bit From: Greg Kroah-Hartman Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around vmap/vunmap Acquire and release the GEM object's reservation lock around vmap and vunmap operations. The tests use vmap_locked, which led to errors such as show below. [ 122.292030] WARNING: CPU: 3 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:390 drm_gem_shmem_vmap_locked+0x3a3/0x6f0 [ 122.468066] WARNING: CPU: 3 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:293 drm_gem_shmem_pin_locked+0x1fe/0x350 [ 122.563504] WARNING: CPU: 3 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:234 drm_gem_shmem_get_pages_locked+0x23c/0x370 [ 122.662248] WARNING: CPU: 2 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:452 drm_gem_shmem_vunmap_locked+0x101/0x330 Only export the new vmap/vunmap helpers for Kunit tests. These are not interfaces for regular drivers. The Linux kernel CVE team has assigned CVE-2025-71301 to this issue. Affected and fixed versions =========================== Issue introduced in 6.16 with commit 954907f7147dc43e0d1cd4d430c21d143d5fdf55 and fixed in 6.18.16 with commit 6b953d92f2f29e74b125617c6f00300fa1bed97e Issue introduced in 6.16 with commit 954907f7147dc43e0d1cd4d430c21d143d5fdf55 and fixed in 6.19.6 with commit e7b7022f11d3cf281c726117478696b83681bf11 Issue introduced in 6.16 with commit 954907f7147dc43e0d1cd4d430c21d143d5fdf55 and fixed in 7.0 with commit cda83b099f117f2a28a77bf467af934cb39e49cf Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-71301 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/drm_gem_shmem_helper.c drivers/gpu/drm/tests/drm_gem_shmem_test.c include/drm/drm_gem_shmem_helper.h Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/6b953d92f2f29e74b125617c6f00300fa1bed97e https://git.kernel.org/stable/c/e7b7022f11d3cf281c726117478696b83681bf11 https://git.kernel.org/stable/c/cda83b099f117f2a28a77bf467af934cb39e49cf