CVE-2025-38669
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-22

Last updated on: 2025-11-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-shmem: Use dma_buf from GEM object instance" This reverts commit 1a148af06000e545e714fe3210af3d77ff903c11. The dma_buf field in struct drm_gem_object is not stable over the object instance's lifetime. The field becomes NULL when user space releases the final GEM handle on the buffer object. This resulted in a NULL-pointer deref. Workarounds in commit 5307dce878d4 ("drm/gem: Acquire references on GEM handles for framebuffers") and commit f6bfc9afc751 ("drm/framebuffer: Acquire internal references on GEM handles") only solved the problem partially. They especially don't work for buffer objects without a DRM framebuffer associated. Hence, this revert to going back to using .import_attach->dmabuf. v3: - cc stable
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-22
Last Modified
2025-11-25
Generated
2026-06-16
AI Q&A
2025-08-22
EPSS Evaluated
2026-06-14
NVD
CVE-2025-38669
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel 6.16
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel involves the dma_buf field in the struct drm_gem_object becoming NULL when user space releases the final GEM handle on the buffer object. This causes a NULL-pointer dereference, which can lead to kernel crashes or instability. The issue arises because the dma_buf field is not stable over the object's lifetime, and previous partial fixes did not fully resolve the problem for all buffer objects.

Impact Analysis

The vulnerability can cause NULL-pointer dereferences in the Linux kernel, potentially leading to system crashes or instability. This can affect system reliability and availability, especially in environments using DRM (Direct Rendering Manager) for graphics buffer management.

Mitigation Strategies

The vulnerability has been resolved by reverting the commit that caused the unstable dma_buf field in struct drm_gem_object. Immediate mitigation involves updating the Linux kernel to a version that includes this revert. There are no complete workarounds as previous commits only partially addressed the issue. Therefore, applying the official patch or upgrading to the fixed kernel version is recommended.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-38669. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart