—

CVE-2025-71296EXPLOITEDPATCHED

linux · linux kernel

drm/tests: shmem: Hold reservation lock around purge

Description

A vulnerability classified as critical has been found in Linux Kernel up to 6.18.15/6.19.5. Impacted is the function drm_gem_shmem_purge_locked. The manipulation leads to privilege escalation. This vulnerability is documented as CVE-2025-71296. The attack requires being on the local network.

Affected Products

Vendor	Product	Versions
linux	linux kernel	954907f7147dc43e0d1cd4d430c21d143d5fdf55, 954907f7147dc43e0d1cd4d430c21d143d5fdf55, 954907f7147dc43e0d1cd4d430c21d143d5fdf55, 6.16, 6.18.16, 6.19.6, 7.0, 6.18.15, 6.19.5

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
open source	open source linux kernel	cert_advisory	90%

References

Related News (3 articles)

Tier B

BSI Advisories12h ago

[NEU] [mittel] Linux Kernel: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB3d ago

CVE-2025-71296 | Linux Kernel up to 6.18.15/6.19.5 drm_gem_shmem_purge_locked privilege escalation

→ No new info (linked only)

Tier C

Linux Kernel CVEs3d ago

CVE-2025-71296: drm/tests: shmem: Hold reservation lock around purge

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

cdf8bbbd9017adcfb91ad9a902198d4b507719a98baeee2c1c0cdb3a8eac3b8f38156cce6ee1a69f3f41307d589c2f25d556d47b165df808124cd0c406.18.166.19.67.0

PublishedMay 8, 2026

Last enriched3d agov3

Trending Score61

Source articles3

Independent3

Info Completeness8/14

Missing: cvss, epss, cwe, kev, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

IMPORTANTCVE-2026-43284EXPKEV

xfrm: esp: avoid in-place decrypt on shared skb frags

Trending: 133

HIGHCVE-2026-43500EXPKEV

rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present

Trending: 117

HIGHCVE-2026-31431EXPKEV

crypto: algif_aead - Revert to operating out-of-place

Trending: 116

CRITICALCVE-2026-43297EXP

media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init()

Trending: 61

CRITICALCVE-2026-43295EXP

rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net()

Trending: 61

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 8, 2026

Actively Exploited

May 8, 2026

Exploit Available

May 8, 2026

Patch Available

May 8, 2026

Discovered by ZDM

May 8, 2026

Updated: description, affectedVersions, severity, exploitAvailable, activelyExploited

May 8, 2026

Updated: description, severity, affectedVersions

May 8, 2026

Version History

Last enriched 3d ago

v3Tier C3d ago

Updated severity to CRITICAL, added affected versions 6.18.15 and 6.19.5, and provided a new description detailing the privilege escalation vulnerability.

descriptionseverityaffectedVersions

via VulDB

v2Tier C3d ago

Updated description with more technical detail, added affected versions 6.18.16, 6.19.6, and 7.0, and changed severity to HIGH while marking the vulnerability as actively exploited.

descriptionaffectedVersionsseverityexploitAvailableactivelyExploited

via Linux Kernel CVEs

v13d ago

Initial creation