CVE-2025-71305 Linux CVE debrief

Who should care

Linux system administrators running kernels with DisplayPort MST displays; kernel maintainers backporting stable fixes

Technical summary

The vulnerability exists in drivers/gpu/drm/display/drm_dp_mst_topology.c in the drm_dp_atomic_release_time_slots() function. When releasing MST timeslots, if delayed_destroy_work executes after a DP 2.1 monitor disconnect, vcpi can become 0. The code then computes payload = ~BIT(vcpi - 1), resulting in BIT(-1) which is undefined behavior detected by UBSAN. The fix adds a conditional check to skip payload mask updates when vcpi == 0. Affected call chain: drm_dp_delayed_destroy_work → drm_kms_helper_hotplug_event → drm_client_dev_hotplug → drm_fb_helper_hotplug_event → __drm_fb_helper_restore_fbdev_mode_unlocked → drm_client_modeset_commit → mst_connector_atomic_check → drm_dp_atomic_release_time_slots.

Defensive priority

low

Recommended defensive actions

• Apply stable kernel updates containing the fix commits when available from your distribution
• Monitor kernel logs for UBSAN warnings in drm_dp_mst_topology.c as indicators of this code path being exercised
• No immediate action required for security hardening; this is a stability fix for display driver edge case

Evidence notes

CVE description confirms kernel fix with UBSAN stack trace showing shift exponent -1 in drm_dp_atomic_release_time_slots(). Six stable kernel commits provided across affected versions. No CVSS score assigned; NVD status 'Awaiting Analysis'.

Official resources