Use-After-Free Vulnerability in Linux Kernel Affecting Xe Driver
CVE-2025-38703
What is CVE-2025-38703?
A vulnerability in the Xe driver of the Linux kernel allows a use-after-free condition due to improper handling of dma-fences. When a user-space application closes the submit queue, the timeline name may be freed while it is still referenced, potentially leading to undefined behavior on subsequent accesses. The driver must adhere strictly to the newly defined dma-fence rules to ensure data integrity and system stability. To mitigate this risk, implementations must maintain a proper RCU grace period between signaling a fence and freeing its associated resources.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 683b0e397dad9f26a42dcacf6f7f545a77ce6c06