5.5

CVE-2025-37951

EPSS 0.03%
Veröffentlicht 20.05.2025 16:15:33
Zuletzt bearbeitet 17.12.2025 20:05:00
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

drm/v3d: Add job to pending list if the reset was skipped

When a CL/CSD job times out, we check if the GPU has made any progress
since the last timeout. If so, instead of resetting the hardware, we skip
the reset and let the timer get rearmed. This gives long-running jobs a
chance to complete.

However, when `timedout_job()` is called, the job in question is removed
from the pending list, which means it won't be automatically freed through
`free_job()`. Consequently, when we skip the reset and keep the job
running, the job won't be freed when it finally completes.

This situation leads to a memory leak, as exposed in [1] and [2].

Similarly to commit 704d3d60fec4 ("drm/etnaviv: don't block scheduler when
GPU is still active"), this patch ensures the job is put back on the
pending list when extending the timeout.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.18 < 6.1.139

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.91

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.29

Linux ≫ Linux Kernel Version >= 6.13 < 6.14.7

Linux ≫ Linux Kernel Version6.15 Updaterc1

Linux ≫ Linux Kernel Version6.15 Updaterc2

Linux ≫ Linux Kernel Version6.15 Updaterc3

Linux ≫ Linux Kernel Version6.15 Updaterc4

Linux ≫ Linux Kernel Version6.15 Updaterc5

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.07

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

https://git.kernel.org/stable/c/12125f7d9c15e6d8ac91d10373b2db2f17dcf767

Patch

https://git.kernel.org/stable/c/35e4079bf1a2570abffce6ababa631afcf8ea0e5

Patch

https://git.kernel.org/stable/c/422a8b10ba42097a704d6909ada2956f880246f2

Patch

https://git.kernel.org/stable/c/5235b56b7e5449d990d21d78723b1a5e7bb5738e

Patch

https://git.kernel.org/stable/c/a5f162727b91e480656da1876247a91f651f76de

Patch

https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-37951

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-37951

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-37951

EUVD