NULL Pointer Dereference Vulnerability in Linux Kernel Affecting DRM Components
CVE-2025-38673

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 22 August 2025

What is CVE-2025-38673?

A vulnerability in the Linux kernel involves a NULL pointer dereference caused by the instability of the `dma_buf` field in the `drm_gem_object` struct. The issue arises when user space releases the final GEM handle on the buffer object, leading to a NULL pointer dereference and potential system instability. Previous workarounds attempted to address the problem, but they were only partially effective; buffer objects without an associated DRM framebuffer are particularly affected.

Affected Version(s)

Linux cce16fcd7446dcff7480cd9d2b6417075ed81065

Linux cce16fcd7446dcff7480cd9d2b6417075ed81065 < 2712ca878b688682ac2ce02aefc413fc76019cd9

Linux 6.15
