VYPR
← All advisories
Medium severity5.5NVD Advisory· Published May 8, 2026· Updated May 14, 2026

CVE-2025-71300

CVE-2025-71300

Description

In the Linux kernel, the following vulnerability has been resolved:

Revert "arm64: zynqmp: Add an OP-TEE node to the device tree"

This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe.

OP-TEE logic in U-Boot automatically injects a reserved-memory node along with optee firmware node to kernel device tree. The injection logic is dependent on that there is no manually defined optee node. Having the node in zynqmp.dtsi effectively breaks OP-TEE's insertion of the reserved-memory node, causing memory access violations during runtime.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A manually added OP-TEE node in arm64 zynqmp device tree conflicts with U-Boot's automatic injection, causing memory violations; the commit is reverted.

Root

Cause A prior commit added an OP-TEE node to the arm64 zynqmp device tree (zynqmp.dtsi). However, U-Boot's OP-TEE logic automatically injects a reserved-memory node and an optee firmware node into the kernel device tree, provided no manually defined optee node exists. The presence of the manually defined node in zynqmp.dtsi interferes with this automatic injection, resulting in the reserved-memory node not being inserted [1][2][3][4].

Exploitation

The vulnerability manifests at runtime on systems running U-Boot with OP-TEE support. When the device tree includes the manually defined optee node, the expected reserved-memory region is missing. This leads to memory access violations as OP-TEE attempts to use memory that is not properly reserved [1].

Impact

An attacker with local access (or any user) could cause a denial of service or system instability due to memory corruption. The exact privileges required depend on the specific system configuration, but the bug can trigger crashes or unpredictable behavior [1].

Mitigation

The fix reverts the original commit. The revert has been backported to multiple stable kernel branches as indicated in the references [1][2][3][4]. Users should apply the appropriate stable update.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!
  3. Making sure you're not a bot!
  4. Making sure you're not a bot!

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.