Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-71302

CVE-2025-71302: Linux Kernel Race Condition Vulnerability

CVE-2025-71302 is a race condition flaw in the Linux Kernel drm/panthor component that violates dma-fence safe access rules. This article covers the technical details, affected versions, security impact, and mitigation.

Published:

CVE-2025-71302 Overview

CVE-2025-71302 is a race condition vulnerability in the Linux kernel's drm/panthor GPU driver. The flaw stems from improper adherence to dma-fence safe access rules documented in commit 506aa8b02a8d6. Specifically, the drm_sched_fence_get_timeline_name function can race with group_free_queue, leading to a use-after-free style condition during concurrent queue teardown. A local authenticated attacker can trigger this race to cause kernel-level denial of service on systems using Arm Mali GPUs with the Panthor driver. The vulnerability requires local access and low privileges, with no user interaction needed.

Critical Impact

Local attackers with low privileges can trigger a kernel-level denial of service on systems running affected Linux kernel versions with the Panthor GPU driver enabled.

Affected Products

  • Linux Kernel (upstream, mainline branch)
  • Linux Kernel stable branches prior to fix commits ab8c0de60f16, eae60933abd1, and efe24898485c
  • Systems using the drm/panthor driver for Arm Mali GPUs

Discovery Timeline

  • 2026-05-08 - CVE-2025-71302 published to NVD
  • 2026-05-14 - Last updated in NVD database

Technical Details for CVE-2025-71302

Vulnerability Analysis

The vulnerability resides in the Panthor Direct Rendering Manager (DRM) driver, which provides kernel-mode support for Arm Mali GPUs. The driver uses Direct Memory Access (DMA) fences to synchronize GPU workloads with CPU-side scheduling. The kernel documents strict access rules for dma-fence objects in commit 506aa8b02a8d6, requiring synchronization primitives such as RCU or reference counting when accessing fence metadata across contexts.

The Panthor driver violated these rules. The drm_sched_fence_get_timeline_name function reads the timeline name from a fence structure while concurrent execution of group_free_queue can release the underlying queue object. This produces a classic time-of-check-to-time-of-use race condition that can dereference memory after it has been freed.

Root Cause

The root cause is missing synchronization between the DRM scheduler's fence-name lookup path and the queue teardown path in Panthor. When the scheduler retrieves a timeline name for logging or tracing, it accesses fields owned by the queue. If group_free_queue runs concurrently, the queue memory is released without waiting for outstanding fence accessors, producing a use-after-free condition [CWE-416-like behavior, classified as NVD-CWE-noinfo].

Attack Vector

Exploitation requires local access with low privileges on a system using the Panthor driver. An attacker submits GPU workloads and triggers concurrent queue destruction to race the scheduler's fence access path. Successful exploitation results in kernel memory corruption, kernel panic, or system hang. The CVSS impact profile indicates availability-only impact with no confidentiality or integrity compromise.

No public proof-of-concept exploit is available, and the EPSS exploitation probability is 0.013%.

Detection Methods for CVE-2025-71302

Indicators of Compromise

  • Unexpected kernel panics or oops messages referencing drm_sched_fence_get_timeline_name, panthor, or group_free_queue in dmesg output.
  • KASAN (Kernel Address Sanitizer) reports identifying use-after-free conditions within the drm/panthor subsystem.
  • System hangs or GPU subsystem freezes on hosts running Arm Mali hardware with the Panthor driver loaded.

Detection Strategies

  • Audit installed kernel versions against the fix commits ab8c0de60f16, eae60933abd1, and efe24898485c using uname -r and distribution package metadata.
  • Enable KASAN on test systems to surface race-induced memory corruption during GPU workload stress testing.
  • Monitor kernel log streams for repeated panthor-related faults that correlate with high GPU scheduling activity.

Monitoring Recommendations

  • Forward /var/log/kern.log and dmesg output to a centralized logging platform and alert on driver-specific crash signatures.
  • Track unexpected reboot rates on Mali-equipped endpoints and servers to identify systemic exploitation attempts.
  • Apply file integrity monitoring to kernel modules under /lib/modules/$(uname -r)/kernel/drivers/gpu/drm/panthor/ to detect tampering.

How to Mitigate CVE-2025-71302

Immediate Actions Required

  • Apply the upstream stable kernel updates containing the fix commits ab8c0de60f16, eae60933abd1, or efe24898485c as published by the Linux kernel stable tree.
  • Restrict local shell access on multi-user systems running Arm Mali GPUs until patches are installed.
  • Inventory all systems using the Panthor driver and prioritize patching on shared or multi-tenant hosts.

Patch Information

The vulnerability is resolved in the Linux kernel via three upstream commits: Kernel Git Commit #ab8c0de, Kernel Git Commit #eae6093, and Kernel Git Commit #efe2489. The fixes implement the dma-fence safe access rules in the Panthor driver, ensuring synchronized access between fence metadata reads and queue teardown.

Workarounds

  • Unload the panthor kernel module on systems that do not require Arm Mali GPU acceleration using modprobe -r panthor.
  • Blacklist the driver via /etc/modprobe.d/blacklist-panthor.conf to prevent loading at boot on non-GPU workloads.
  • Limit untrusted local user access to systems where the driver must remain active.
bash
# Configuration example
echo "blacklist panthor" | sudo tee /etc/modprobe.d/blacklist-panthor.conf
sudo update-initramfs -u
sudo reboot

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.