{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-38095", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:23.984Z", "datePublished": "2025-07-03T07:44:18.214Z", "dateUpdated": "2025-11-03T19:58:27.686Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-09-09T17:06:06.983Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: insert memory barrier before updating num_fences\n\nsmp_store_mb() inserts memory barrier after storing operation.\nIt is different with what the comment is originally aiming so Null\npointer dereference can be happened if memory update is reordered."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/dma-buf/dma-resv.c"], "versions": [{"version": "a590d0fdbaa56f482ff515e1040b6d9b1b200d63", "lessThan": "90eb79c4ed98a4e24a62ccf61c199ab0f680fa8f", "status": "affected", "versionType": "git"}, {"version": "a590d0fdbaa56f482ff515e1040b6d9b1b200d63", "lessThan": "d0b7f11dd68b593bd970e5735be00e8d89bace30", "status": "affected", "versionType": "git"}, {"version": "a590d0fdbaa56f482ff515e1040b6d9b1b200d63", "lessThan": "3becc659f9cb76b481ad1fb71f54d5c8d6332d3f", "status": "affected", "versionType": "git"}, {"version": "a590d0fdbaa56f482ff515e1040b6d9b1b200d63", "lessThan": "c9d2b9a80d06a58f37e0dc8c827075639b443927", "status": "affected", "versionType": "git"}, {"version": "a590d0fdbaa56f482ff515e1040b6d9b1b200d63", "lessThan": "fe1bebd0edb22e3536cbc920ec713331d1367ad4", "status": "affected", "versionType": "git"}, {"version": "a590d0fdbaa56f482ff515e1040b6d9b1b200d63", "lessThan": "08680c4dadc6e736c75bc2409d833f03f9003c51", "status": "affected", "versionType": "git"}, {"version": "a590d0fdbaa56f482ff515e1040b6d9b1b200d63", "lessThan": "72c7d62583ebce7baeb61acce6057c361f73be4a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/dma-buf/dma-resv.c"], "versions": [{"version": "5.0", "status": "affected"}, {"version": "0", "lessThan": "5.0", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.241", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.192", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.140", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.92", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.30", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.14.8", "lessThanOrEqual": "6.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "5.10.241"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "5.15.192"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "6.1.140"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "6.6.92"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "6.12.30"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "6.14.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "6.15"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/90eb79c4ed98a4e24a62ccf61c199ab0f680fa8f"}, {"url": "https://git.kernel.org/stable/c/d0b7f11dd68b593bd970e5735be00e8d89bace30"}, {"url": "https://git.kernel.org/stable/c/3becc659f9cb76b481ad1fb71f54d5c8d6332d3f"}, {"url": "https://git.kernel.org/stable/c/c9d2b9a80d06a58f37e0dc8c827075639b443927"}, {"url": "https://git.kernel.org/stable/c/fe1bebd0edb22e3536cbc920ec713331d1367ad4"}, {"url": "https://git.kernel.org/stable/c/08680c4dadc6e736c75bc2409d833f03f9003c51"}, {"url": "https://git.kernel.org/stable/c/72c7d62583ebce7baeb61acce6057c361f73be4a"}], "title": "dma-buf: insert memory barrier before updating num_fences", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:58:27.686Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1305E469-C65A-4E94-B785-0332F02FE163", "versionEndExcluding": "5.10.241", "versionStartIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A911BD7-361F-45C0-A4A6-33FCBA0F6117", "versionEndExcluding": "5.15.192", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEA541CD-1863-4E7F-85F5-EAC305910323", "versionEndExcluding": "6.1.140", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7787FD66-D748-44AF-A052-DE495E1E23AE", "versionEndExcluding": "6.6.92", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F43EF2E-9448-4BCA-99D9-DAEAEB7523C5", "versionEndExcluding": "6.12.30", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4458049-AD51-4F1B-BAB9-C32B53A54DE1", "versionEndExcluding": "6.14.8", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "8D465631-2980-487A-8E65-40AE2B9F8ED1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*", "matchCriteriaId": "4C9D071F-B28E-46EC-AC61-22B913390211", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:*", "matchCriteriaId": "13FC0DDE-E513-465E-9E81-515702D49B74", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc4:*:*:*:*:*:*", "matchCriteriaId": "8C7B5B0E-4EEB-48F5-B4CF-0935A7633845", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc5:*:*:*:*:*:*", "matchCriteriaId": "2D240580-3048-49B2-9E27-F115A9DF8224", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.15:rc6:*:*:*:*:*:*", "matchCriteriaId": "90320558-E553-4EF5-8A0B-0F5D20113BD2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: insert memory barrier before updating num_fences\n\nsmp_store_mb() inserts memory barrier after storing operation.\nIt is different with what the comment is originally aiming so Null\npointer dereference can be happened if memory update is reordered."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dma-buf: inserta una barrera de memoria antes de actualizar num_fences. smp_store_mb() inserta una barrera de memoria despu\u00e9s de la operaci\u00f3n de almacenamiento. Esto difiere del objetivo original del comentario, por lo que puede producirse una desreferencia de puntero nulo si se reordena la actualizaci\u00f3n de memoria."}], "id": "CVE-2025-38095", "lastModified": "2025-12-16T17:18:25.870", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-03T08:15:26.300", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/08680c4dadc6e736c75bc2409d833f03f9003c51"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3becc659f9cb76b481ad1fb71f54d5c8d6332d3f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/72c7d62583ebce7baeb61acce6057c361f73be4a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/90eb79c4ed98a4e24a62ccf61c199ab0f680fa8f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c9d2b9a80d06a58f37e0dc8c827075639b443927"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d0b7f11dd68b593bd970e5735be00e8d89bace30"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fe1bebd0edb22e3536cbc920ec713331d1367ad4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: dma-buf: insert memory barrier before updating num_fences", "id": "2376026", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376026"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndma-buf: insert memory barrier before updating num_fences\nsmp_store_mb() inserts memory barrier after storing operation.\nIt is different with what the comment is originally aiming so Null\npointer dereference can be happened if memory update is reordered."], "name": "CVE-2025-38095", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-07-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-38095\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38095\nhttps://lore.kernel.org/linux-cve-announce/2025070340-CVE-2025-38095-6596@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-07-06T22:16:21.088688+00:00", "updated": "2025-07-06T22:16:21.088735+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}