Zero Day MonitorZDM

← Back to list

—

CVE-2025-71301EXPLOITEDPATCHED

linux · linux kernel

drm/tests: shmem: Hold reservation lock around vmap/vunmap

Description

A vulnerability, classified as critical, has been found in Linux Kernel up to 6.18.15/6.19.5. The impacted element is the function vmap_locked. This manipulation causes privilege escalation. The attacker needs to be present on the local network.

Affected Products

Vendor	Product	Versions
linux	linux kernel	954907f7147dc43e0d1cd4d430c21d143d5fdf55, 954907f7147dc43e0d1cd4d430c21d143d5fdf55, 954907f7147dc43e0d1cd4d430c21d143d5fdf55, 6.16, 6.18.15, 6.19.5

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
open source	open source linux kernel	cert_advisory	90%

References

Related News (3 articles)

Tier B

BSI Advisories10h ago

[NEU] [mittel] Linux Kernel: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB3d ago

CVE-2025-71301 | Linux Kernel up to 6.18.15/6.19.5 vmap_locked privilege escalation

→ No new info (linked only)

Tier C

Linux Kernel CVEs3d ago

CVE-2025-71301: drm/tests: shmem: Hold reservation lock around vmap/vunmap

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

6b953d92f2f29e74b125617c6f00300fa1bed97ee7b7022f11d3cf281c726117478696b83681bf11cda83b099f117f2a28a77bf467af934cb39e49cf06.18.166.19.67.0

CWECWE-Privilege Escalation

PublishedMay 8, 2026

Last enriched3d agov2

Tags

CVE-2025-71301

Trending Score62

Source articles3

Independent3

Info Completeness9/14

Missing: cvss, epss, kev, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

IMPORTANTCVE-2026-43284EXPKEV

xfrm: esp: avoid in-place decrypt on shared skb frags

HIGHCVE-2026-31431EXPKEV

crypto: algif_aead - Revert to operating out-of-place

HIGHCVE-2026-43500EXPKEV

rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present

CRITICALCVE-2026-43312EXP

media: i2c: ov5647: Initialize subdev before controls

CRITICALCVE-2026-43010EXP

bpf: Reject sleepable kprobe_multi programs at attach time

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 8, 2026

Discovered by ZDM

May 8, 2026

Actively Exploited

May 8, 2026

Exploit Available

May 8, 2026

Patch Available

May 8, 2026

Updated: description, severity, affectedVersions, cweIds, tags

May 8, 2026

Version History

v2

Last enriched 3d ago

v2Tier C3d ago

Updated severity to CRITICAL, added affected versions 6.18.15 and 6.19.5, and included a new CVE ID CVE-2025-71301.

descriptionseverityaffectedVersionscweIdstags

via VulDB

v13d ago

Initial creation