CVE-2025-38436 - Vulnerability Details

- drm/scheduler: signal scheduled fence when kill job

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/scheduler: signal scheduled fence when kill job

When an entity from application B is killed, drm_sched_entity_kill()
removes all jobs belonging to that entity through
drm_sched_entity_kill_jobs_work(). If application A's job depends on a
scheduled fence from application B's job, and that fence is not properly
signaled during the killing process, application A's dependency cannot be
cleared.

This leads to application A hanging indefinitely while waiting for a
dependency that will never be resolved. Fix this issue by ensuring that
scheduled fences are properly signaled when an entity is killed, allowing
dependent applications to continue execution.

Published: 2025-07-25

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The bug occurs when a background job in the DRM scheduler is terminated; scheduled fences that other jobs depend on are not signaled, leaving dependent jobs waiting forever. The result is that the dependent application stalls indefinitely, effectively denying service to that process. The weakness is a resource deprivation flaw, identified as CWE‑667, where a killed entity fails to clean up a needed synchronization object.

Affected Systems

All versions of the Linux kernel that contain the DRM scheduler component are affected. The specific version range is not listed, so any current release lacking the fix should be considered vulnerable. The vendor is the Linux team.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not present in the CISA KEV catalog, implying no widespread known exploits. An attacker would need local or privilege escalation capability to trigger the failing kill sequence, making the attack vector likely local. In practice, the risk is moderate but should not be ignored on systems where DRM scheduler jobs are critical.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`a72ce6f84109c1dec1ab236d65979d3250668af3`	affected	< 8342127a8a65b0673863b106ce32b79c91ae3270
`a72ce6f84109c1dec1ab236d65979d3250668af3`	affected	< c5734f9bab6f0d40577ad0633af4090a5fda2407
`a72ce6f84109c1dec1ab236d65979d3250668af3`	affected	< aefd0a935625165a6ca36d0258d2d053901555df
`a72ce6f84109c1dec1ab236d65979d3250668af3`	affected	< aa382a8b6ed483e9812d0e63b6d1bdcba0186f29
`a72ce6f84109c1dec1ab236d65979d3250668af3`	affected	< 471db2c2d4f80ee94225a1ef246e4f5011733e50

Linux

affected

Version	Status	Constraints
`4.3`	affected	—
`0`	unaffected	< 4.3
`6.1.169`	unaffected	≤ 6.1.*
`6.6.96`	unaffected	≤ 6.6.*
`6.12.36`	unaffected	≤ 6.12.*
`6.15.5`	unaffected	≤ 6.15.*
`6.16`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor	Product	Confidence	Versions
Linux	Linux Kernel	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that includes the patch which signals scheduled fences upon entity termination.
If an update is unavailable, ensure that jobs depending on fences terminate gracefully before killing the associated entity, or use administrative tools to release dangling fences.
Monitor DRM scheduler logs for hangs and restart affected services or the host if indefinite blocking occurs.

Generated by OpenCVE AI on April 20, 2026 at 15:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4561-1	linux-6.1 security update
Debian DSA	DSA-6243-1	linux security update
EUVD	EUVD-2025-22710	In the Linux kernel, the following vulnerability has been resolved: drm/scheduler: signal scheduled fence when kill job When an entity from application B is killed, drm_sched_entity_kill() removes all jobs belonging to that entity through drm_sched_entity_kill_jobs_work(). If application A's job depends on a scheduled fence from application B's job, and that fence is not properly signaled during the killing process, application A's dependency cannot be cleared. This leads to application A hanging indefinitely while waiting for a dependency that will never be resolved. Fix this issue by ensuring that scheduled fences are properly signaled when an entity is killed, allowing dependent applications to continue execution.
Ubuntu USN	USN-7833-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7834-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7833-2	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-7833-3	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-7833-4	Linux kernel (GCP) vulnerabilities
Ubuntu USN	USN-7856-1	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-8028-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8028-2	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8031-1	Linux kernel (GCP) vulnerabilities
Ubuntu USN	USN-8028-3	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8028-4	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-8028-5	Linux kernel vulnerabilities
Ubuntu USN	USN-8031-2	Linux kernel (GCP FIPS) vulnerabilities
Ubuntu USN	USN-8028-6	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-8031-3	Linux kernel vulnerabilities
Ubuntu USN	USN-8052-1	Linux kernel (Low Latency) vulnerabilities
Ubuntu USN	USN-8028-7	Linux kernel (Low Latency NVIDIA) vulnerabilities
Ubuntu USN	USN-8028-8	Linux kernel (IBM) vulnerabilities
Ubuntu USN	USN-8052-2	Linux kernel (Xilinx) vulnerabilities
Ubuntu USN	USN-8074-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8074-2	Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN	USN-8126-1	Linux kernel (Azure) vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00019.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/471db2c2d4f80ee94225a1ef246e4f5011733e50
https://git.kernel.org/stable/c/8342127a8a65b0673863b106ce32b79c91ae3270
https://git.kernel.org/stable/c/aa382a8b6ed483e9812d0e63b6d1bdcba0186f29
https://git.kernel.org/stable/c/aefd0a935625165a6ca36d0258d2d053901555df
https://git.kernel.org/stable/c/c5734f9bab6f0d40577ad0633af4090a5fda2407
https://lore.kernel.org/linux-cve-announce/2025072512-CVE-2025-38436-8cb6@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-38436
https://www.cve.org/CVERecord?id=CVE-2025-38436

History

Sat, 18 Apr 2026 09:15:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/8342127a8a65b0673863b106ce32b79c91ae3270

Wed, 19 Nov 2025 18:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-667
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Metrics	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Tue, 29 Jul 2025 12:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025072512-CVE-2025-38436-8cb6@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-38436 https://www.cve.org/CVERecord?id=CVE-2025-38436
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Sat, 26 Jul 2025 12:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Fri, 25 Jul 2025 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/scheduler: signal scheduled fence when kill job When an entity from application B is killed, drm_sched_entity_kill() removes all jobs belonging to that entity through drm_sched_entity_kill_jobs_work(). If application A's job depends on a scheduled fence from application B's job, and that fence is not properly signaled during the killing process, application A's dependency cannot be cleared. This leads to application A hanging indefinitely while waiting for a dependency that will never be resolved. Fix this issue by ensuring that scheduled fences are properly signaled when an entity is killed, allowing dependent applications to continue execution.
Title		drm/scheduler: signal scheduled fence when kill job
References		https://git.kernel.org/stable/c/471db2c2d4f80ee94225a1ef246e4f5011733e50 https://git.kernel.org/stable/c/aa382a8b6ed483e9812d0e63b6d1bdcba0186f29 https://git.kernel.org/stable/c/aefd0a935625165a6ca36d0258d2d053901555df https://git.kernel.org/stable/c/c5734f9bab6f0d40577ad0633af4090a5fda2407

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-07-25T14:32:09.945Z

Updated: 2026-05-11T21:27:57.212Z

Reserved: 2025-04-16T04:51:24.016Z

Link: CVE-2025-38436

Vulnrichment

No data.

NVD

Status : Modified

Published: 2025-07-25T15:15:29.000

Modified: 2026-04-18T09:16:10.457

Link: CVE-2025-38436

Redhat

Severity : Moderate

Publid Date: 2025-07-25T00:00:00Z

Links: CVE-2025-38436 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-20T16:00:10Z

Weaknesses

CWE-667

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object