CVE-2025-38672
BaseFortify
Publication date: 2025-08-22
Last updated on: 2025-11-25
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves the dma_buf field in the struct drm_gem_object, which is not stable over the object's lifetime. Specifically, the dma_buf field becomes NULL when user space releases the final GEM handle on the buffer object, leading to a NULL-pointer dereference. Previous workarounds only partially addressed the issue and did not cover buffer objects without an associated DRM framebuffer. The vulnerability was resolved by reverting to using .import_attach->dmabuf instead.
How can this vulnerability impact me? :
The vulnerability can cause a NULL-pointer dereference in the Linux kernel's DRM subsystem, which may lead to system crashes or instability when handling certain graphics buffer objects. This could affect system reliability and availability, especially in environments relying on DRM for graphics rendering.