CVE-2025-38669
BaseFortify
Publication date: 2025-08-22
Last updated on: 2025-11-25
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves the dma_buf field in the struct drm_gem_object becoming NULL when user space releases the final GEM handle on the buffer object. This causes a NULL-pointer dereference, which can lead to kernel crashes or instability. The issue arises because the dma_buf field is not stable over the object's lifetime, and previous partial fixes did not fully resolve the problem for all buffer objects.
How can this vulnerability impact me? :
The vulnerability can cause NULL-pointer dereferences in the Linux kernel, potentially leading to system crashes or instability. This can affect system reliability and availability, especially in environments using DRM (Direct Rendering Manager) for graphics buffer management.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been resolved by reverting the commit that caused the unstable dma_buf field in struct drm_gem_object. Immediate mitigation involves updating the Linux kernel to a version that includes this revert. There are no complete workarounds as previous commits only partially addressed the issue. Therefore, applying the official patch or upgrading to the fixed kernel version is recommended.