{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-38436", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:24.016Z", "datePublished": "2025-07-25T14:32:09.945Z", "dateUpdated": "2025-07-28T11:16:59.090Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-07-28T11:16:59.090Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/scheduler: signal scheduled fence when kill job\n\nWhen an entity from application B is killed, drm_sched_entity_kill()\nremoves all jobs belonging to that entity through\ndrm_sched_entity_kill_jobs_work(). If application A's job depends on a\nscheduled fence from application B's job, and that fence is not properly\nsignaled during the killing process, application A's dependency cannot be\ncleared.\n\nThis leads to application A hanging indefinitely while waiting for a\ndependency that will never be resolved. Fix this issue by ensuring that\nscheduled fences are properly signaled when an entity is killed, allowing\ndependent applications to continue execution."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/scheduler/sched_entity.c"], "versions": [{"version": "a72ce6f84109c1dec1ab236d65979d3250668af3", "lessThan": "c5734f9bab6f0d40577ad0633af4090a5fda2407", "status": "affected", "versionType": "git"}, {"version": "a72ce6f84109c1dec1ab236d65979d3250668af3", "lessThan": "aefd0a935625165a6ca36d0258d2d053901555df", "status": "affected", "versionType": "git"}, {"version": "a72ce6f84109c1dec1ab236d65979d3250668af3", "lessThan": "aa382a8b6ed483e9812d0e63b6d1bdcba0186f29", "status": "affected", "versionType": "git"}, {"version": "a72ce6f84109c1dec1ab236d65979d3250668af3", "lessThan": "471db2c2d4f80ee94225a1ef246e4f5011733e50", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/scheduler/sched_entity.c"], "versions": [{"version": "4.3", "status": "affected"}, {"version": "0", "lessThan": "4.3", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.96", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.36", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.5", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "6.6.96"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "6.12.36"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "6.15.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "6.16"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/c5734f9bab6f0d40577ad0633af4090a5fda2407"}, {"url": "https://git.kernel.org/stable/c/aefd0a935625165a6ca36d0258d2d053901555df"}, {"url": "https://git.kernel.org/stable/c/aa382a8b6ed483e9812d0e63b6d1bdcba0186f29"}, {"url": "https://git.kernel.org/stable/c/471db2c2d4f80ee94225a1ef246e4f5011733e50"}], "title": "drm/scheduler: signal scheduled fence when kill job", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/scheduler: signal scheduled fence when kill job\n\nWhen an entity from application B is killed, drm_sched_entity_kill()\nremoves all jobs belonging to that entity through\ndrm_sched_entity_kill_jobs_work(). If application A's job depends on a\nscheduled fence from application B's job, and that fence is not properly\nsignaled during the killing process, application A's dependency cannot be\ncleared.\n\nThis leads to application A hanging indefinitely while waiting for a\ndependency that will never be resolved. Fix this issue by ensuring that\nscheduled fences are properly signaled when an entity is killed, allowing\ndependent applications to continue execution."}], "id": "CVE-2025-38436", "lastModified": "2025-07-25T15:29:19.837", "metrics": {}, "published": "2025-07-25T15:15:29.000", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/471db2c2d4f80ee94225a1ef246e4f5011733e50"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/aa382a8b6ed483e9812d0e63b6d1bdcba0186f29"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/aefd0a935625165a6ca36d0258d2d053901555df"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c5734f9bab6f0d40577ad0633af4090a5fda2407"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: drm/scheduler: signal scheduled fence when kill job", "id": "2383470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383470"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/scheduler: signal scheduled fence when kill job\nWhen an entity from application B is killed, drm_sched_entity_kill()\nremoves all jobs belonging to that entity through\ndrm_sched_entity_kill_jobs_work(). If application A's job depends on a\nscheduled fence from application B's job, and that fence is not properly\nsignaled during the killing process, application A's dependency cannot be\ncleared.\nThis leads to application A hanging indefinitely while waiting for a\ndependency that will never be resolved. Fix this issue by ensuring that\nscheduled fences are properly signaled when an entity is killed, allowing\ndependent applications to continue execution."], "name": "CVE-2025-38436", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-07-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-38436\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38436\nhttps://lore.kernel.org/linux-cve-announce/2025072512-CVE-2025-38436-8cb6@gregkh/T"], "threat_severity": "Moderate"}