CVE-2025-38095

dma-buf: insert memory barrier before updating num_fences

Description

In the Linux kernel, the following vulnerability has been resolved: dma-buf: insert memory barrier before updating num_fences smp_store_mb() inserts memory barrier after storing operation. It is different with what the comment is originally aiming so Null pointer dereference can be happened if memory update is reordered.

N/A

CVSS

Severity:

EPSS 0.02%

Affected: Linux Linux

References

Link	Tags
https://git.kernel.org/stable/c/3becc659f9cb76b481ad1fb71f54d5c8d6332d3f
https://git.kernel.org/stable/c/c9d2b9a80d06a58f37e0dc8c827075639b443927
https://git.kernel.org/stable/c/fe1bebd0edb22e3536cbc920ec713331d1367ad4
https://git.kernel.org/stable/c/08680c4dadc6e736c75bc2409d833f03f9003c51
https://git.kernel.org/stable/c/72c7d62583ebce7baeb61acce6057c361f73be4a

Frequently Asked Questions

What is the severity of CVE-2025-38095?: CVE-2025-38095 has not yet been assigned a CVSS score.
How to fix CVE-2025-38095?: To fix CVE-2025-38095, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38095 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-38095 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38095?: CVE-2025-38095 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.