CVE-2025-38436

In the Linux kernel, the following vulnerability has been resolved: drm/scheduler: signal scheduled fence when kill job When an entity from application B is killed, drm_sched_entity_kill() removes all jobs belonging to that entity through drm_sched_entity_kill_jobs_work(). If application A's job depends on a scheduled fence from application B's job, and that fence is not properly signaled during the killing process, application A's dependency cannot be cleared. This leads to application A hanging indefinitely while waiting for a dependency that will never be resolved. Fix this issue by ensuring that scheduled fences are properly signaled when an entity is killed, allowing dependent applications to continue execution.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/471db2c2d4f80ee94225a1ef246e4f5011733e50	Patch
https://git.kernel.org/stable/c/aa382a8b6ed483e9812d0e63b6d1bdcba0186f29	Patch
https://git.kernel.org/stable/c/aefd0a935625165a6ca36d0258d2d053901555df	Patch
https://git.kernel.org/stable/c/c5734f9bab6f0d40577ad0633af4090a5fda2407	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

19 Nov 2025, 18:09

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/471db2c2d4f80ee94225a1ef246e4f5011733e50 -~~	() https://git.kernel.org/stable/c/471db2c2d4f80ee94225a1ef246e4f5011733e50 - Patch
References	~~() https://git.kernel.org/stable/c/aa382a8b6ed483e9812d0e63b6d1bdcba0186f29 -~~	() https://git.kernel.org/stable/c/aa382a8b6ed483e9812d0e63b6d1bdcba0186f29 - Patch
References	~~() https://git.kernel.org/stable/c/aefd0a935625165a6ca36d0258d2d053901555df -~~	() https://git.kernel.org/stable/c/aefd0a935625165a6ca36d0258d2d053901555df - Patch
References	~~() https://git.kernel.org/stable/c/c5734f9bab6f0d40577ad0633af4090a5fda2407 -~~	() https://git.kernel.org/stable/c/c5734f9bab6f0d40577ad0633af4090a5fda2407 - Patch
CPE		cpe:2.3:o:linux:linux_kernel::::::::
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/scheduler: señal de valla programada al finalizar un trabajo. Cuando se finaliza una entidad de la aplicación B, drm_sched_entity_kill() elimina todos los trabajos pertenecientes a esa entidad mediante drm_sched_entity_kill_jobs_work(). Si el trabajo de la aplicación A depende de una valla programada del trabajo de la aplicación B, y dicha valla no se señaliza correctamente durante el proceso de finalización, no se puede eliminar la dependencia de la aplicación A. Esto provoca que la aplicación A se cuelgue indefinidamente mientras espera una dependencia que nunca se resolverá. Solucione este problema asegurándose de que las vallas programadas se señalicen correctamente cuando se finaliza una entidad, lo que permite que las aplicaciones dependientes continúen su ejecución.
CWE		CWE-667
First Time		Linux Linux linux Kernel
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

25 Jul 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-25 15:15

Updated : 2025-11-19 18:09

NVD link : CVE-2025-38436

Mitre link : CVE-2025-38436

CVE.ORG link : CVE-2025-38436

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-667

Improper Locking

5.5 /10