CVE-2025-38436
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
25/07/2025
Last modified:
18/04/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
drm/scheduler: signal scheduled fence when kill job<br />
<br />
When an entity from application B is killed, drm_sched_entity_kill()<br />
removes all jobs belonging to that entity through<br />
drm_sched_entity_kill_jobs_work(). If application A&#39;s job depends on a<br />
scheduled fence from application B&#39;s job, and that fence is not properly<br />
signaled during the killing process, application A&#39;s dependency cannot be<br />
cleared.<br />
<br />
This leads to application A hanging indefinitely while waiting for a<br />
dependency that will never be resolved. Fix this issue by ensuring that<br />
scheduled fences are properly signaled when an entity is killed, allowing<br />
dependent applications to continue execution.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.3 (including) | 6.6.96 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.36 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.15.5 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/471db2c2d4f80ee94225a1ef246e4f5011733e50
- https://git.kernel.org/stable/c/8342127a8a65b0673863b106ce32b79c91ae3270
- https://git.kernel.org/stable/c/aa382a8b6ed483e9812d0e63b6d1bdcba0186f29
- https://git.kernel.org/stable/c/aefd0a935625165a6ca36d0258d2d053901555df
- https://git.kernel.org/stable/c/c5734f9bab6f0d40577ad0633af4090a5fda2407