Use After Free Vulnerability in Linux Kernel Affecting Habanalabs
CVE-2025-38722
What is CVE-2025-38722?
A use-after-free vulnerability exists in the Habanalabs component of the Linux kernel, specifically in the export_dmabuf() function. As soon as a file reference has been inserted into the descriptor table, another thread can close it, so any later access to objects that are destroyed on close is a use after free. dma_buf_fd() both reserves a descriptor and installs the file; export_dmabuf() called it and then went on to access objects that may already have been released. The fix restructures the sequence of events: the descriptor is now reserved before any other access takes place, and fd_install() is called only afterwards, once everything has been set up. This closes the window in which a concurrent close could release objects that were still in use.
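The ordering problem described above, as an added example: a simplified, single-threaded userland model, not the kernel's or the driver's code. All names (struct backing, struct dbuf, fd_slot, racing_close and the two export functions) are hypothetical, and the concurrent close is simulated by a direct call at the point where the descriptor becomes visible.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed userland model; these are not kernel APIs. */
struct backing { int refs; bool freed; };          /* object pinned by the export */
struct dbuf    { struct backing *owner; bool freed; };
static struct dbuf *fd_slot;                       /* one-entry descriptor table */

static void backing_put(struct backing *b) { if (--b->refs == 0) b->freed = true; }

/* Release path run on close(): drops the owner reference, frees the dbuf. */
static void dbuf_release(struct dbuf *d) { backing_put(d->owner); d->freed = true; }

/* Models another thread closing the descriptor the moment it is visible. */
static void racing_close(void)
{
    if (fd_slot) { dbuf_release(fd_slot); fd_slot = NULL; }
}

/* Pre-fix order: publish first, finish setup later.
 * Returns how many times an already released object was touched. */
static int export_install_first(struct backing *b, struct dbuf *d)
{
    int stale = 0;
    d->owner = b;
    fd_slot = d;              /* reserve + install in a single step */
    racing_close();           /* close() wins the race here */
    stale += b->freed;        /* reference taken on a released owner */
    b->refs++;
    stale += d->freed;        /* dbuf touched after its release ran */
    return stale;
}

/* Fixed order: reserve, complete all setup, install as the last step. */
static int export_install_last(struct backing *b, struct dbuf *d)
{
    if (fd_slot) return -1;   /* slot reserved, nothing visible yet */
    d->owner = b;
    b->refs++;                /* reference held before anyone can close */
    fd_slot = d;              /* install; no object access follows it */
    racing_close();           /* close() sees a fully set-up object */
    return 0;
}

int main(void)
{
    struct backing b1 = {1, false}, b2 = {1, false};
    struct dbuf d1 = {0}, d2 = {0};
    printf("install first: %d stale accesses\n", export_install_first(&b1, &d1));
    printf("install last:  %d, owner refs=%d\n", export_install_last(&b2, &d2), b2.refs);
    return 0;
}
```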
Affected Version(s)
Linux db1a8dd916aac986871f6b873a3aefad906f383a
Linux db1a8dd916aac986871f6b873a3aefad906f383a < 40deceb38f9db759772d1c289c28fd2a543f57fc
Linux db1a8dd916aac986871f6b873a3aefad906f383a < 55c232d7e0241f1d5120b595e7a9de24c75ed3d8