From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 828C23DDDDB for ; Fri, 8 May 2026 13:13:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778246030; cv=none; b=UD3SVH871e0nUPtvx/X3BG/+d7n8hmBwNEIN2xM4UHmJj3lwnbfPSE6aTa4WRQBzjvXQwIc8Pf7RnaSrya0BhvGL+eF2CGP/3CT71ucso2khnOQPa3ZLXdVqgePhSdTO93hQg9yMg5vhhzDNpDKzL8FC9aK3RzdRvDZ4IMlPezM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778246030; c=relaxed/simple; bh=e9zSS0GBmo3tloNy9rmVegxTGVc3B5+HHMI+GvXBPnc=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=eVjCJKxOp9orvCHEs6U6g8XkwGMvWim129N9E249qL1qhZOZFA0qk7XnsCgklwPtlsxa3cO4tcoJm6ElH8R18esCNuHeulC5CIQrVUg2m5k7DGRAtMd/JxAWVgqdpykAaqgnOSOfoYp6DtAV8mbqCkBtjq5/q8h0ynZCdclu46c= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=lj7q6W4n; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="lj7q6W4n" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0537DC2BCB0; Fri, 8 May 2026 13:13:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1778246030; bh=e9zSS0GBmo3tloNy9rmVegxTGVc3B5+HHMI+GvXBPnc=; h=From:To:Cc:Subject:Date:Reply-To:From; b=lj7q6W4nFzBmqBVjOEb7nGdZaO7JH/AES3OqAdQddDkoB5jwjSl43lP6HV857q6BU XqDaWYY22KS1ZMHW+8MjpQndq/xGjAx5THw/Ow8mtirsAOLASdvuS2uC+LUsDR6ZCj n+81HmTFGSgH6kpVO7DDCHHDVvI2ZRoUERGglue8= From: Greg Kroah-Hartman To: linux-cve-announce@vger.kernel.org Cc: Greg Kroah-Hartman Subject: CVE-2025-71296: drm/tests: shmem: Hold reservation lock around purge Date: Fri, 8 May 2026 15:11:46 +0200 Message-ID: <2026050846-CVE-2025-71296-e1b1@gregkh> X-Mailer: git-send-email 2.54.0 Reply-To: , Precedence: bulk X-Mailing-List: linux-cve-announce@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2514; i=gregkh@linuxfoundation.org; h=from:subject:message-id; bh=S99zmNXCNfoayuGS+ETESPmVS1U9dlK5J8vYcKeBMFk=; b=kA0DAAIRMUfUDdst+ykByyZiAGn94RKidz8rskool+AF4Z9LcC/44+5wIp1LxQbOUefupXcgc 4hdBAARAgAdFiEE9LYMxb94wiFKMT3LMUfUDdst+ykFAmn94RIACgkQMUfUDdst+ykAoACeJLL0 /ArL8H+JFpIrIolFM8kPL+AAniLTmeqS0Wqz7OFraskYCzljWR9b X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Content-Transfer-Encoding: 8bit From: Greg Kroah-Hartman Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around purge Acquire and release the GEM object's reservation lock around calls to the object's purge operation. The tests use drm_gem_shmem_purge_locked(), which led to errors such as show below. [ 58.709128] WARNING: CPU: 1 PID: 1354 at drivers/gpu/drm/drm_gem_shmem_helper.c:515 drm_gem_shmem_purge_locked+0x51c/0x740 Only export the new helper drm_gem_shmem_purge() for Kunit tests. This is not an interface for regular drivers. The Linux kernel CVE team has assigned CVE-2025-71296 to this issue. Affected and fixed versions =========================== Issue introduced in 6.16 with commit 954907f7147dc43e0d1cd4d430c21d143d5fdf55 and fixed in 6.18.16 with commit cdf8bbbd9017adcfb91ad9a902198d4b507719a9 Issue introduced in 6.16 with commit 954907f7147dc43e0d1cd4d430c21d143d5fdf55 and fixed in 6.19.6 with commit 8baeee2c1c0cdb3a8eac3b8f38156cce6ee1a69f Issue introduced in 6.16 with commit 954907f7147dc43e0d1cd4d430c21d143d5fdf55 and fixed in 7.0 with commit 3f41307d589c2f25d556d47b165df808124cd0c4 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-71296 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/drm_gem_shmem_helper.c drivers/gpu/drm/tests/drm_gem_shmem_test.c include/drm/drm_gem_shmem_helper.h Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/cdf8bbbd9017adcfb91ad9a902198d4b507719a9 https://git.kernel.org/stable/c/8baeee2c1c0cdb3a8eac3b8f38156cce6ee1a69f https://git.kernel.org/stable/c/3f41307d589c2f25d556d47b165df808124cd0c4