CVE-2025-38703

EPSS 0.02%
Veröffentlicht 04.09.2025 15:32:54
Zuletzt bearbeitet 24.11.2025 19:45:00
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

drm/xe: Make dma-fences compliant with the safe access rules

Xe can free some of the data pointed to by the dma-fences it exports. Most
notably the timeline name can get freed if userspace closes the associated
submit queue. At the same time the fence could have been exported to a
third party (for example a sync_fence fd) which will then cause an use-
after-free on subsequent access.

To make this safe we need to make the driver compliant with the newly
documented dma-fence rules. Driver has to ensure a RCU grace period
between signalling a fence and freeing any data pointed to by said fence.

For the timeline name we simply make the queue be freed via kfree_rcu and
for the shared lock associated with multiple queues we add a RCU grace
period before freeing the per GT structure holding the lock.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.8 < 6.12.43

Linux ≫ Linux Kernel Version >= 6.13 < 6.15.11

Linux ≫ Linux Kernel Version >= 6.16 < 6.16.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.034

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/b17fcce70733c211cb5dabf54f4f9491920b1d92

Patch

https://git.kernel.org/stable/c/ba37807d08bae67de6139346a85650cab5f6145a

Patch

https://git.kernel.org/stable/c/683b0e397dad9f26a42dcacf6f7f545a77ce6c06

Patch

https://git.kernel.org/stable/c/6bd90e700b4285e6a7541e00f969cab0d696adde

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-38703

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38703

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38703

EUVD