CVE-2025-38436

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38436
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38436.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38436
Downstream
Related
Published
2025-07-25T14:32:09.945Z
Modified
2025-11-28T02:34:45.728761Z
Summary
drm/scheduler: signal scheduled fence when kill job
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/scheduler: signal scheduled fence when kill job

When an entity from application B is killed, drmschedentitykill() removes all jobs belonging to that entity through drmschedentitykilljobswork(). If application A's job depends on a scheduled fence from application B's job, and that fence is not properly signaled during the killing process, application A's dependency cannot be cleared.

This leads to application A hanging indefinitely while waiting for a dependency that will never be resolved. Fix this issue by ensuring that scheduled fences are properly signaled when an entity is killed, allowing dependent applications to continue execution.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38436.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a72ce6f84109c1dec1ab236d65979d3250668af3
Fixed
c5734f9bab6f0d40577ad0633af4090a5fda2407
Fixed
aefd0a935625165a6ca36d0258d2d053901555df
Fixed
aa382a8b6ed483e9812d0e63b6d1bdcba0186f29
Fixed
471db2c2d4f80ee94225a1ef246e4f5011733e50

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.3.0
Fixed
6.6.96
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.36
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.15.5