5.5

CVE-2025-38095

EPSS 0.12%
Veröffentlicht 03.07.2025 07:44:18
Zuletzt bearbeitet 16.12.2025 17:18:25
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

dma-buf: insert memory barrier before updating num_fences

In the Linux kernel, the following vulnerability has been resolved:

dma-buf: insert memory barrier before updating num_fences

smp_store_mb() inserts memory barrier after storing operation.
It is different with what the comment is originally aiming so Null
pointer dereference can be happened if memory update is reordered.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

NVD 13 VulnDex Vulnerability Enrichment 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.0 < 5.10.241

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.192

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.140

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.92

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.30

Linux ≫ Linux Kernel Version >= 6.13 < 6.14.8

Linux ≫ Linux Kernel Version6.15 Updaterc1

Linux ≫ Linux Kernel Version6.15 Updaterc2

Linux ≫ Linux Kernel Version6.15 Updaterc3

Linux ≫ Linux Kernel Version6.15 Updaterc4

Linux ≫ Linux Kernel Version6.15 Updaterc5

Linux ≫ Linux Kernel Version6.15 Updaterc6

Debian ≫ Debian Linux Version11.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.303

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/3becc659f9cb76b481ad1fb71f54d5c8d6332d3f

Patch

https://git.kernel.org/stable/c/c9d2b9a80d06a58f37e0dc8c827075639b443927

Patch

https://git.kernel.org/stable/c/fe1bebd0edb22e3536cbc920ec713331d1367ad4

Patch

https://git.kernel.org/stable/c/08680c4dadc6e736c75bc2409d833f03f9003c51

Patch

https://git.kernel.org/stable/c/72c7d62583ebce7baeb61acce6057c361f73be4a

Patch

https://git.kernel.org/stable/c/90eb79c4ed98a4e24a62ccf61c199ab0f680fa8f

Patch

https://git.kernel.org/stable/c/d0b7f11dd68b593bd970e5735be00e8d89bace30

Patch

https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-38095

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38095

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38095

EUVD