CVE-2025-38436
BaseFortify
Publication date: 2025-07-25
Last updated on: 2026-04-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-667 | The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's DRM scheduler. When an application (B) is killed, its jobs are removed, but if another application (A) has jobs depending on a scheduled fence from application B's job, and that fence is not properly signaled during the kill process, application A will hang indefinitely waiting for a dependency that will never be resolved. The fix ensures that scheduled fences are properly signaled when an entity is killed, allowing dependent applications to continue execution.
How can this vulnerability impact me? :
This vulnerability can cause applications that depend on jobs from other applications to hang indefinitely if those dependencies are not properly cleared when the other application is killed. This can lead to system instability, degraded performance, or denial of service for affected applications.