dma-buf: insert memory barrier before updating num_fences
3Vexday Risk Score
No sign of exploitation. No public exploitation artifact known so far.
ssvc Trackepss 0.2%
exploitation probability
0.2%top 94% of all CVEs
observed exploitation
nono source reports it
In the Linux kernel, the following vulnerability has been resolved:
dma-buf: insert memory barrier before updating num_fences
smp_store_mb() inserts memory barrier after storing operation.
It is different with what the comment is originally aiming so Null
pointer dereference can be happened if memory update is reordered.
Affected products
Linux · LinuxReferences
https://git.kernel.org/stable/c/08680c4dadc6e736c75bc2409d833f03f9003c51https://git.kernel.org/stable/c/3becc659f9cb76b481ad1fb71f54d5c8d6332d3fhttps://git.kernel.org/stable/c/72c7d62583ebce7baeb61acce6057c361f73be4ahttps://git.kernel.org/stable/c/90eb79c4ed98a4e24a62ccf61c199ab0f680fa8fhttps://git.kernel.org/stable/c/c9d2b9a80d06a58f37e0dc8c827075639b443927https://git.kernel.org/stable/c/d0b7f11dd68b593bd970e5735be00e8d89bace30https://git.kernel.org/stable/c/fe1bebd0edb22e3536cbc920ec713331d1367ad4https://lists.debian.org/debian-lts-announce/2025/08/msg00010.htmlhttps://lists.debian.org/debian-lts-announce/2025/10/msg00007.html