CVE-2025-38436

5.5 MEDIUM

📋 TL;DR

A race condition in the Linux kernel's DRM scheduler can cause indefinite hangs when GPU jobs are killed. When application B's GPU entity is terminated, application A's jobs that depend on scheduled fences from B may wait forever for dependencies that will never be resolved. This affects Linux systems using the Direct Rendering Manager (DRM) subsystem for GPU scheduling.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions with vulnerable DRM scheduler implementation (specific versions not specified in CVE)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires DRM subsystem usage with GPU job scheduling; affects systems with multiple applications sharing GPU resources.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: System-wide denial of service where multiple GPU-dependent applications hang indefinitely, requiring system reboot to recover functionality.
🟠 Likely Case: Individual application hangs affecting GPU-accelerated workloads, causing service disruption for affected processes.
🟢 If Mitigated: Minor performance impact with proper job management and monitoring in place.

🌐 Internet-Facing: LOW - Requires local access to GPU scheduling and specific application interactions.
🏢 Internal Only: MEDIUM - Can affect multi-application GPU workloads in virtualized environments or shared GPU systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires specific conditions with multiple applications using GPU scheduling and job dependencies.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel patches available at provided git.kernel.org references

Vendor Advisory: https://git.kernel.org/stable/c/471db2c2d4f80ee94225a1ef246e4f5011733e50

Restart Required: Yes

Instructions:

1. Apply kernel patches from git.kernel.org references
2. Recompile kernel if using custom build
3. Reboot system to load patched kernel
4. Verify DRM scheduler functionality

🔧 Temporary Workarounds

  • Limit GPU job dependencies (Linux): Configure applications to minimize cross-application GPU job dependencies. Application-specific configuration required.
  • Monitor and restart hung processes (Linux): Implement monitoring for GPU-dependent applications and restart them if they hang, using tools like systemd, monit, or custom scripts.

🧯 If You Can't Patch

  • Isolate GPU workloads to single applications where possible
  • Implement aggressive timeout policies for GPU operations

🔍 How to Verify

Check if Vulnerable:

Check kernel version and DRM scheduler code; vulnerable if using unpatched kernel with DRM scheduler

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes patches from git.kernel.org references; test GPU job killing scenarios

📡 Detection & Monitoring

Log Indicators:

  • GPU job timeouts
  • Application hangs with GPU dependencies
  • DRM scheduler error messages

Network Indicators:

  • None - local kernel vulnerability

SIEM Query:

Process monitoring for hung GPU-dependent applications with extended runtime
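
One way to implement the process monitoring described above, as an added example that is not code from the kernel project or from this advisory: it flags threads that stay asleep in the same GPU fence wait across snapshots without consuming any CPU time. The symbol prefixes, the 60-second interval and the sample snapshots are assumptions; the advisory names none of them.

```python
import os
import time
from pathlib import Path

# Assumed wait-symbol prefixes (not from the advisory); adjust per driver.
FENCE_WAIT_PREFIXES = ("dma_fence", "drm_sched", "drm_syncobj")

def read_tasks(proc="/proc"):
    """Snapshot {(pid, tid): (comm, wchan, cpu_ticks)}; wchan needs root."""
    tasks = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            for tid in os.listdir(f"{proc}/{pid}/task"):
                base = Path(proc, pid, "task", tid)
                stat = (base / "stat").read_text()
                wchan = (base / "wchan").read_text().strip()
                # comm may contain spaces or ')': cut at the last ')'
                comm = stat[stat.index("(") + 1:stat.rindex(")")]
                rest = stat[stat.rindex(")") + 2:].split()
                ticks = int(rest[11]) + int(rest[12])  # utime + stime
                tasks[(int(pid), int(tid))] = (comm, wchan, ticks)
        except (OSError, ValueError, IndexError):
            continue  # process exited mid-scan or is unreadable
    return tasks

def stuck_waiters(samples):
    """Threads in the same fence-wait symbol in every sample, with no CPU use."""
    hits = []
    for key, (comm, wchan, ticks) in samples[0].items():
        if not wchan.startswith(FENCE_WAIT_PREFIXES):
            continue
        later = [s.get(key) for s in samples[1:]]
        if later and all(t and t[1] == wchan and t[2] == ticks for t in later):
            hits.append((key[0], key[1], comm, wchan))
    return sorted(hits)

# Constructed snapshots (not real captures), taken 60 s apart.
W = "dma_fence_default_wait"
SAMPLE = [
    {(4100, 4100): ("render-a", W, 950), (4200, 4200): ("encode-b", W, 300)},
    {(4100, 4100): ("render-a", W, 950), (4200, 4200): ("encode-b", W, 340)},
]

if __name__ == "__main__":
    snaps = [read_tasks()]
    for _ in range(2):
        time.sleep(60)
        snaps.append(read_tasks())
    print(stuck_waiters(snaps))
```

A hit is a candidate for restart, not proof of this bug: a thread can also sit idle in a fence wait for legitimate reasons.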
