From: Greg Kroah-Hartman
To: linux-cve-announce@vger.kernel.org
Cc: Greg Kroah-Hartman
Subject: CVE-2025-71298: drm/tests: shmem: Hold reservation lock around madvise
Date: Fri, 8 May 2026 15:11:48 +0200
Message-ID: <2026050850-CVE-2025-71298-c20b@gregkh>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

drm/tests: shmem: Hold reservation lock around madvise

Acquire and release the GEM object's reservation lock around calls
to the object's madvise operation. The tests use
drm_gem_shmem_madvise_locked(), which led to errors such as shown below.

[ 58.339389] WARNING: CPU: 1 PID: 1352 at drivers/gpu/drm/drm_gem_shmem_helper.c:499 drm_gem_shmem_madvise_locked+0xde/0x140

Only export the new helper drm_gem_shmem_madvise() for Kunit tests.
This is not an interface for regular drivers.

The Linux kernel CVE team has assigned CVE-2025-71298 to this issue.

Affected and fixed versions
===========================

	Issue introduced in 6.16 with commit 954907f7147dc43e0d1cd4d430c21d143d5fdf55 and fixed in 6.18.16 with commit 9cc77691b5fd615625955cedf726da57543088f1
	Issue introduced in 6.16 with commit 954907f7147dc43e0d1cd4d430c21d143d5fdf55 and fixed in 6.19.6 with commit 07cfcab370da06f26c273306571cbb0bfa3b9c52
	Issue introduced in 6.16 with commit 954907f7147dc43e0d1cd4d430c21d143d5fdf55 and fixed in 7.0 with commit 607d07d8cc0b835a8701259f08a03dc149b79b4f

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-71298
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
	drivers/gpu/drm/drm_gem_shmem_helper.c
	drivers/gpu/drm/tests/drm_gem_shmem_test.c
	include/drm/drm_gem_shmem_helper.h

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/9cc77691b5fd615625955cedf726da57543088f1
	https://git.kernel.org/stable/c/07cfcab370da06f26c273306571cbb0bfa3b9c52
	https://git.kernel.org/stable/c/607d07d8cc0b835a8701259f08a03dc149b79b4f
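
The locking convention behind this fix, as an added userspace model in C (not the kernel's code and not part of the original announcement): a helper with the _locked suffix checks that its caller holds the lock, and a wrapper takes the lock around it. The struct and function names, the warnings counter, and the assumption that the reported WARNING comes from a lock-held check are illustrative.

```c
#include <stdio.h>
/* Userspace model only: stand-ins for the reservation lock and GEM object. */
struct resv { int held; };
struct shmem_obj { struct resv resv; int madv; };
static int warnings; /* counts what would be WARNING splats in the log */

static void resv_lock(struct resv *r)   { r->held = 1; }
static void resv_unlock(struct resv *r) { r->held = 0; }

/* Lock-held assertion: report the violation but keep running. */
static void resv_assert_held(const struct resv *r, const char *func)
{
    if (!r->held) {
        warnings++;
        fprintf(stderr, "WARNING: %s without reservation lock\n", func);
    }
}

/* "_locked" variant: the caller must already hold the lock. */
static int shmem_madvise_locked(struct shmem_obj *o, int madv)
{
    resv_assert_held(&o->resv, __func__);
    if (o->madv >= 0)   /* modelled: a negative state is never overwritten */
        o->madv = madv;
    return o->madv >= 0;
}

/* Wrapper in the style of the fix: lock, call the _locked variant, unlock. */
static int shmem_madvise(struct shmem_obj *o, int madv)
{
    int ret;

    resv_lock(&o->resv);
    ret = shmem_madvise_locked(o, madv);
    resv_unlock(&o->resv);
    return ret;
}

/* One madvise call the old way (0) or via the wrapper (1); returns warnings. */
static int run_test_style(int use_wrapper)
{
    struct shmem_obj o = { { 0 }, 0 };

    warnings = 0;
    (void)(use_wrapper ? shmem_madvise(&o, 1) : shmem_madvise_locked(&o, 1));
    return warnings;
}

int main(void)
{
    printf("direct: %d, wrapper: %d\n", run_test_style(0), run_test_style(1));
    return 0;
}
```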