SB2025070458 - NULL pointer dereference in Linux kernel dma-buf driver
Published: July 4, 2025
Security Bulletin ID
SB2025070458
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-38095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dma_resv_add_fence() function in drivers/dma-buf/dma-resv.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/08680c4dadc6e736c75bc2409d833f03f9003c51
- https://git.kernel.org/stable/c/3becc659f9cb76b481ad1fb71f54d5c8d6332d3f
- https://git.kernel.org/stable/c/72c7d62583ebce7baeb61acce6057c361f73be4a
- https://git.kernel.org/stable/c/c9d2b9a80d06a58f37e0dc8c827075639b443927
- https://git.kernel.org/stable/c/fe1bebd0edb22e3536cbc920ec713331d1367ad4