CVE-2025-71314: Linux Panthor GPU Driver Denial of Service via Cache Flush Timeout
A vulnerability in the Linux kernel's Panthor GPU driver can cause the graphics system to hang indefinitely when memory subsystem operations fail to complete. The issue arises because the driver lacks proper recovery mechanisms for stuck cache-flush operations. When a GPU memory flush times out, the driver now schedules a reset and recovers gracefully instead of hanging. This affects systems using Panthor-based GPUs (primarily ARM Mali GPUs in certain SoCs).
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 5.5 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Weaknesses (CWE)
- —
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-06-03 / 2026-06-17
NVD description (verbatim)
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthor_gpu_flush_caches() failures We have seen a few cases where the whole memory subsystem is blocked and flush operations never complete. When that happens, we want to: - schedule a reset, so we can recover from this situation - in the reset path, we need to reset the pending_reqs so we can send new commands after the reset - if more panthor_gpu_flush_caches() operations are queued after the timeout, we skip them and return -EIO directly to avoid needless waits (the memory block won't miraculously work again) Note that we drop the WARN_ON()s because these hangs can be triggered with buggy GPU jobs created by the UMD, and there's no way we can prevent it. We do keep the error messages though. v2: - New patch v3: - Collect R-b - Explicitly mention the fact we dropped the WARN_ON()s in the commit message v4: - No changes
4 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2025-71314 addresses a denial-of-service condition in the Linux kernel's drm/panthor driver. The vulnerability occurs when panthor_gpu_flush_caches() operations fail to complete, potentially blocking the entire memory subsystem. The fix implements timeout detection and recovery: upon timeout, the driver schedules a GPU reset, clears pending requests to allow new commands post-reset, and short-circuits subsequent flush attempts with -EIO rather than waiting indefinitely. The patch removes WARN_ON() assertions that could be triggered by malformed GPU jobs from userspace drivers, replacing them with error logging to maintain observability without causing kernel warnings.
Business impact
Systems relying on Panthor GPU acceleration (common in mobile and embedded Linux deployments using ARM Mali GPUs) risk graphics subsystem hangs that degrade user experience or cause application crashes. The vulnerability is typically triggered by buggy GPU workloads from userspace drivers, not by remote attack. Recovery requires driver reload or system reboot. Organizations shipping products with affected kernel versions should prioritize patching to improve stability and reduce support burden from graphics-related failures.
Affected systems
The Linux kernel is affected across versions that include the Panthor GPU driver. This primarily impacts systems using ARM Mali GPUs (such as certain Qualcomm, MediaTek, and Samsung SoCs) that rely on the drm/panthor driver for GPU acceleration. Verify your kernel version and GPU driver against the official Linux kernel Git history and your distribution's advisory to confirm exposure.
Exploitability
Exploitation requires local access and the ability to submit GPU workloads. An authenticated user can craft malformed GPU jobs that trigger memory subsystem hangs, causing denial of service to graphics functionality. The vulnerability cannot be exploited remotely and does not lead to code execution or privilege escalation. The impact is confined to availability of GPU services on the affected system.
Remediation
Apply the Linux kernel patch that implements timeout recovery for panthor_gpu_flush_caches() operations. The fix involves: (1) detecting when cache-flush operations time out, (2) scheduling a GPU reset to recover, (3) resetting pending requests before allowing new commands, and (4) returning -EIO for subsequent flush attempts on an already-hung system. Verify the patch version against the official Linux kernel repository and your distribution's security advisories before deployment.
Patch guidance
Obtain the patch from your Linux distribution's security updates or the upstream Linux kernel repository. The vulnerability was introduced in earlier kernel versions and is resolved in patched releases. Coordinate with your device manufacturer or distribution maintainer to confirm patch availability for your specific kernel version and hardware platform. Test the patched kernel in a non-production environment before full deployment, especially if you have custom GPU workloads or drivers.
Detection guidance
Monitor kernel logs for timeout messages related to panthor_gpu_flush_caches() operations. Systems experiencing this vulnerability will show graphics subsystem hangs, GPU reset events, or repeated cache-flush timeout errors in dmesg. GPU monitoring tools and performance profilers may report stalled graphics pipelines. Correlate GPU driver logs with system reboots or graphics service restarts to identify affected deployments. Systems on unpatched kernel versions with workloads exercising GPU memory operations are higher risk.
Why prioritize this
Although rated MEDIUM severity due to local-only access and availability-only impact, this vulnerability affects stability in production deployments using Panthor GPUs. Prioritize patching for systems where graphics performance is critical (automotive infotainment, embedded displays, AI/ML inference on edge devices). Lower priority for server or headless deployments without GPU acceleration. The ease of triggering via userspace GPU jobs makes this a practical concern for systems accepting untrusted workloads.
Risk score, explained
CVSS 3.1 score of 5.5 (MEDIUM) reflects: local attack vector (AV:L) requiring authenticated access (PR:L), low complexity (AC:L), no user interaction (UI:N), isolated impact (S:U), and high availability impact (A:H). The score appropriately captures that this is a denial-of-service condition affecting only GPU graphics availability on the local system, with no confidentiality or integrity compromise. Real-world severity depends on GPU criticality in the deployment context.
Frequently asked questions
Does this vulnerability allow remote code execution or privilege escalation?
No. CVE-2025-71314 is a local denial-of-service vulnerability affecting GPU graphics availability only. It requires authenticated local access to submit GPU workloads and cannot be exploited remotely or to gain elevated privileges.
Which ARM Mali GPU models are affected?
The Panthor driver supports various ARM Mali GPU generations used in SoCs from Qualcomm, MediaTek, Samsung, and other vendors. Verify your specific SoC and kernel version against your manufacturer's advisory and the Linux kernel repository to confirm exposure.
What happens if I don't patch this vulnerability?
Unpatched systems risk graphics subsystem hangs triggered by malformed GPU jobs, requiring driver reloads or reboots to recover. User experience degrades, and support burden increases. Systems not using GPU acceleration or those with strict workload controls face lower practical risk.
Can this be exploited via a container or virtual machine?
Exploitation requires direct submission of GPU workloads to the kernel driver. Depending on your virtualization or containerization setup, GPU access controls may limit exposure. Verify whether untrusted workloads can access GPU devices in your environment.
This analysis is based on CVE-2025-71314 public disclosure data. Verify all patch availability, version numbers, and affected systems against official Linux kernel advisories, your distribution's security bulletins, and your hardware manufacturer's guidance before making patching decisions. SEC.co does not provide warranty for the accuracy or applicability of this information to your specific environment. Test patches thoroughly in non-production settings. Contact your distribution vendor or kernel maintainer for definitive guidance on vulnerability exposure and remediation timelines. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Affected vendors
Related vulnerabilities
- CVE-2025-71313MEDIUMLinux Kernel PCI Endpoint NULL Pointer Dereference
- CVE-2026-10004MEDIUMChrome UI Spoofing Vulnerability – Password Dialog Hijacking
- CVE-2026-10018MEDIUMInteger Overflow in Chrome ANGLE GPU Graphics Layer
- CVE-2026-10912MEDIUMChrome Extension Same-Origin Policy Bypass (CVSS 6.5)
- CVE-2026-10916MEDIUMChrome DevTools UXSS Vulnerability
- CVE-2026-10998MEDIUMChrome Media Out-of-Bounds Memory Read Vulnerability
- CVE-2026-11004MEDIUMChrome ANGLE Out-of-Bounds Read Memory Disclosure
- CVE-2026-11006MEDIUMChrome Out-of-Bounds Read in Dawn Graphics API—Urgent Patch Required