CVE-2025-38722 habanalabs: fix UAF in export_dmabuf()

🗓️ 04 Sep 2025 15:33:15Reported by LinuxType

Habanalabs export_dmabuf() fix UAF by reserving descriptor before setup and delaying fd_install().

Reporter	Title	Published	Views	Family All 98
AstraLinux	Astra Linux – Vulnerability in Linux 5.10	3 May 202623:59	–	astralinux
Circl	CVE-2025-38722	4 Sep 202516:49	–	circl
CNNVD	Linux kernel 安全漏洞	4 Sep 202500:00	–	cnnvd
CVE	CVE-2025-38722	4 Sep 202515:33	–	cve
Debian CVE	CVE-2025-38722	4 Sep 202515:33	–	debiancve
EUVD	EUVD-2025-26747	3 Oct 202520:07	–	euvd
Microsoft CVE	habanalabs: fix UAF in export_dmabuf()	6 Sep 202501:11	–	mscve
NVD	CVE-2025-38722	4 Sep 202516:15	–	nvd
Tenable Nessus	openSUSE 16 Security Update : kernel (openSUSE-SU-2025-20081-1)	2 Dec 202500:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2025:03600-1)	15 Dec 202500:00	–	nessus

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/accel/habanalabs/common/memory.c"
    ],
    "versions": [
      {
        "version": "db1a8dd916aac986871f6b873a3aefad906f383a",
        "lessThan": "c07886761fd6251db6938d4e747002e3d150d231",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "db1a8dd916aac986871f6b873a3aefad906f383a",
        "lessThan": "40deceb38f9db759772d1c289c28fd2a543f57fc",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "db1a8dd916aac986871f6b873a3aefad906f383a",
        "lessThan": "55c232d7e0241f1d5120b595e7a9de24c75ed3d8",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "db1a8dd916aac986871f6b873a3aefad906f383a",
        "lessThan": "33927f3d0ecdcff06326d6e4edb6166aed42811c",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/accel/habanalabs/common/memory.c"
    ],
    "versions": [
      {
        "version": "5.16",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.16",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.12.43",
        "lessThanOrEqual": "6.12.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.15.11",
        "lessThanOrEqual": "6.15.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.16.2",
        "lessThanOrEqual": "6.16.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.17",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/40deceb38f9db759772d1c289c28fd2a543f57fc
git	www.git.kernel.org/stable/c/55c232d7e0241f1d5120b595e7a9de24c75ed3d8
git	www.git.kernel.org/stable/c/33927f3d0ecdcff06326d6e4edb6166aed42811c
git	www.git.kernel.org/stable/c/c07886761fd6251db6938d4e747002e3d150d231

11 May 2026 21:33Current

EPSS0.00025