CVE-2025-71301
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/tests: shmem: Hold reservation lock around vmap/vunmap
Acquire and release the GEM object's reservation lock around vmap and vunmap operations. The tests use vmap_locked, which led to errors such as those shown below.
[ 122.292030] WARNING: CPU: 3 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:390 drm_gem_shmem_vmap_locked+0x3a3/0x6f0
[ 122.468066] WARNING: CPU: 3 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:293 drm_gem_shmem_pin_locked+0x1fe/0x350
[ 122.563504] WARNING: CPU: 3 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:234 drm_gem_shmem_get_pages_locked+0x23c/0x370
[ 122.662248] WARNING: CPU: 2 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:452 drm_gem_shmem_vunmap_locked+0x101/0x330
Only export the new vmap/vunmap helpers for Kunit tests. These are not interfaces for regular drivers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Lack of reservation lock in drm_gem_shmem vmap/vunmap operations triggers kernel warnings during Kunit tests.
CVE-2025-71301 addresses a locking deficiency in the Linux kernel's DRM subsystem. The root cause is that the Kunit tests for GEM shmem helper functions invoked vmap_locked and vunmap_locked without first acquiring the GEM object's reservation lock. This violates the internal locking contract of the drm_gem_shmem helpers, which assume the caller holds the lock when calling the locked variants [1].
To exploit this, an attacker would not need direct access to the kernel test infrastructure; the bug manifests only when the tests are executed (e.g., during kernel self-tests). There are no remote exploitation vectors, and the vulnerability does not require authentication in a traditional sense; it triggers during test runs that are typically performed by developers or CI systems [2]. The issue is triggered by the test code calling drm_gem_shmem_vmap_locked, drm_gem_shmem_vunmap_locked, and related functions without the proper locking context, which leads to kernel warnings being emitted at runtime. These warnings are produced by lockdep or direct assertions in the helper code at locations such as drm_gem_shmem_vmap_locked [3].
The impact is limited to a denial of service through repetitive kernel warning messages and potential system instability during test execution. The warnings can flood the kernel log and in some configurations may cause a panic if panic_on_warn is set. There is no evidence of data corruption or privilege escalation [1].
The fix has been merged into the stable kernel trees. It adds the missing drm_gem_object_reservation_lock and unlock calls around the vmap/vunmap operations in the shmem test and exports the new vmap/vunmap helpers only for Kunit tests, not for regular drivers [2]. Users should update to a kernel version containing the commit to eliminate the warnings.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
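The locking contract described above, as an added example that is not part of the CVE record or the kernel source: a userspace C model in which a boolean stands in for the reservation lock and every model_* name is hypothetical. The vmap -> pin -> get_pages nesting is an assumption inferred from the order of the four warnings in the description.

```c
/* Userspace model only: all model_* names are hypothetical, not kernel API. */
#include <stdbool.h>
#include <stdio.h>

struct model_obj {
	bool resv_held; /* stands in for the GEM object's reservation lock */
	int warnings;   /* contract violations seen, like WARN splats */
};

/* Stand-in for a "lock must be held" assertion: warn and keep running. */
static void model_assert_held(struct model_obj *o, const char *fn)
{
	if (o->resv_held)
		return;
	o->warnings++;
	fprintf(stderr, "WARNING: %s called without reservation lock\n", fn);
}

/* Assumed nesting: vmap -> pin -> get_pages, each checking the lock. */
static void model_get_pages_locked(struct model_obj *o) { model_assert_held(o, __func__); }
static void model_pin_locked(struct model_obj *o) { model_assert_held(o, __func__); model_get_pages_locked(o); }
static void model_vmap_locked(struct model_obj *o) { model_assert_held(o, __func__); model_pin_locked(o); }
static void model_vunmap_locked(struct model_obj *o) { model_assert_held(o, __func__); }

/* Shape of the fix: hold the lock around a call to a _locked helper. */
static void model_with_resv_lock(struct model_obj *o, void (*op)(struct model_obj *))
{
	o->resv_held = true;  /* lock */
	op(o);
	o->resv_held = false; /* unlock */
}

/* Pre-fix test pattern: _locked helpers called with no lock held. */
static int warnings_before_fix(void)
{
	struct model_obj o = { false, 0 };
	model_vmap_locked(&o);
	model_vunmap_locked(&o);
	return o.warnings;
}

/* Post-fix test pattern: the same helpers reached through locking wrappers. */
static int warnings_after_fix(void)
{
	struct model_obj o = { false, 0 };
	model_with_resv_lock(&o, model_vmap_locked);
	model_with_resv_lock(&o, model_vunmap_locked);
	return o.warnings;
}

int main(void) { printf("before=%d after=%d\n", warnings_before_fix(), warnings_after_fix()); return 0; }
```

In the model, the unlocked call pattern produces one warning per helper in the chain, which is why a single vmap/vunmap pair in the test shows up as four separate warnings in the log.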
Affected products: 1
Patches: 0
No patches discovered yet.
References: 3
News mentions: 0
No linked articles in our index yet.