Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

Vulnerability IntelligenceCVE-2025-38095

CVE-2025-38095

MEDIUM5.5

dma-buf: insert memory barrier before updating num_fences

Published Jul 3, 2025

Modified 5 months ago

Details

In the Linux kernel, the following vulnerability has been resolved:

dma-buf: insert memory barrier before updating num_fences

smp_store_mb() inserts memory barrier after storing operation. It is different with what the comment is originally aiming so Null pointer dereference can be happened if memory update is reordered.

References

WEB

https://git.kernel.org/stable/c/08680c4dadc6e736c75bc2409d833f03f9003c51

WEB

https://git.kernel.org/stable/c/3becc659f9cb76b481ad1fb71f54d5c8d6332d3f

WEB

https://git.kernel.org/stable/c/72c7d62583ebce7baeb61acce6057c361f73be4a

WEB

https://git.kernel.org/stable/c/90eb79c4ed98a4e24a62ccf61c199ab0f680fa8f

WEB

https://git.kernel.org/stable/c/c9d2b9a80d06a58f37e0dc8c827075639b443927

WEB

https://git.kernel.org/stable/c/d0b7f11dd68b593bd970e5735be00e8d89bace30

WEB

https://git.kernel.org/stable/c/fe1bebd0edb22e3536cbc920ec713331d1367ad4

WEB

https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html

WEB

https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2025-38095

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedJul 3, 2025

ModifiedNov 3, 2025

CVE-2025-38095 | Mondoo Vulnerability Intelligence