CVE-2025-38722

7.8 HIGH

📋 TL;DR

This is a use-after-free vulnerability in the export_dmabuf() function of the Linux kernel's habanalabs driver. A local attacker could potentially escalate privileges or crash the system by exploiting a race condition between file descriptor installation and cleanup. Systems running habanalabs hardware acceleration (AI/ML accelerators) on vulnerable kernel versions are affected.

💻 Affected Systems

Products:
  • Linux kernel with habanalabs driver enabled
Versions: Kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions with habanalabs driver support
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if habanalabs driver is loaded/enabled (typically requires specific AI/ML accelerator hardware like Gaudi/Goya processors). Most general-purpose systems won't have this driver loaded by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to root, kernel memory corruption leading to system crash, or potential arbitrary code execution in kernel context.

🟠

Likely Case

Kernel panic causing system crash/denial-of-service, or privilege escalation to root if combined with other vulnerabilities.

🟢

If Mitigated

Limited to denial-of-service if proper access controls prevent local user access to habanalabs devices.

🌐 Internet-Facing: LOW - This is a local kernel vulnerability requiring local access to the system.
🏢 Internal Only: HIGH - Local users or compromised applications can exploit this to gain elevated privileges or crash systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and race condition timing exploitation. The vulnerability is well-documented in the kernel commit messages, making exploitation more feasible for skilled attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 33927f3d0ecdcff06326d6e4edb6166aed42811c, 40deceb38f9db759772d1c289c28fd2a543f57fc, 55c232d7e0241f1d5120b595e7a9de24c75ed3d8, c07886761fd6251db6938d4e747002e3d150d231

Vendor Advisory: https://git.kernel.org/stable/c/33927f3d0ecdcff06326d6e4edb6166aed42811c

Restart Required: Yes

Instructions:

1. Update the Linux kernel to the patched version from your distribution.
2. For custom kernels: apply the fix commits from kernel.org.
3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable habanalabs driver (prevent loading of the vulnerable driver module if it is not needed):

echo 'blacklist habanalabs' >> /etc/modprobe.d/blacklist-habanalabs.conf
rmmod habanalabs

Restrict device access (limit access to habanalabs device files to trusted users only):

chmod 600 /dev/habanalabs*
chown root:root /dev/habanalabs*

🧯 If You Can't Patch

  • Disable habanalabs driver if not required for system functionality
  • Implement strict access controls to prevent unauthorized users from accessing habanalabs devices

🔍 How to Verify

Check if Vulnerable:

Check whether the habanalabs module is loaded (lsmod | grep habanalabs) and compare the running kernel version against the patched versions.

Check Version:

uname -r

Verify Fix Applied:

Confirm that the running kernel version includes the fix commits and that the habanalabs module still functions correctly with dma-buf operations.
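The workaround and verification steps above, as an added example that is not part of this advisory: a POSIX shell script that decides whether the driver is loaded and, if so, whether its device nodes are restricted to root. The classification functions take their input as text so they can be exercised against constructed sample data offline; check_host() applies them to the live machine. The function names, verdict strings and the constructed lsmod lines are my own; the device glob /dev/habanalabs* is taken from the advisory as written, so adjust it to whatever nodes the driver actually creates on your host.

```shell
#!/bin/sh
# Added example (not from the advisory): exposure check for the habanalabs
# workarounds. Functions read text so they can be tested with constructed data.

# Exit 0 if the lsmod listing on stdin contains the habanalabs module.
# lsmod prints "Module Size Used by", so the module name is the first field.
habanalabs_loaded() {
    awk '$1 == "habanalabs" { found = 1 } END { exit (found ? 0 : 1) }'
}

# Exit 0 if a modprobe.d configuration on stdin blacklists the module.
# Note: "blacklist" only stops automatic loading by alias; an explicit
# modprobe by root still succeeds, so pair it with rmmod and access control.
habanalabs_blacklisted() {
    awk '$1 == "blacklist" && $2 == "habanalabs" { found = 1 } END { exit (found ? 0 : 1) }'
}

# Classify an octal device-node mode: "restricted" when group and other have
# no permission bits at all (600, 700), "open" otherwise (660, 666, 640).
mode_class() {
    case "$1" in
        *00) echo restricted ;;
        *)   echo open ;;
    esac
}

# Combine the checks into one verdict.
#   $1 = lsmod output as text, $2 = space-separated octal modes of device nodes
# Prints one of:
#   module-not-loaded       driver absent, vulnerable code is not reachable
#   loaded-no-device-nodes  driver present but no nodes found under the glob
#   restricted              driver present, every node is root-only
#   exposed                 driver present and at least one node is group/world accessible
exposure_verdict() {
    lsmod_text=$1
    modes=$2
    if ! printf '%s\n' "$lsmod_text" | habanalabs_loaded; then
        echo module-not-loaded
        return 0
    fi
    if [ -z "$modes" ]; then
        echo loaded-no-device-nodes
        return 0
    fi
    for m in $modes; do
        if [ "$(mode_class "$m")" = open ]; then
            echo exposed
            return 0
        fi
    done
    echo restricted
}

# Run the verdict against the live host (Linux with GNU stat assumed).
check_host() {
    modes=""
    for dev in /dev/habanalabs*; do
        [ -e "$dev" ] || continue
        modes="$modes $(stat -c '%a' "$dev")"
    done
    exposure_verdict "$(lsmod 2>/dev/null)" "$modes"
}

# Constructed sample lsmod output (sizes are made up) for offline exercise.
SAMPLE_LSMOD='Module                  Size  Used by
habanalabs            1234567  0
dma_buf                 12345  1 habanalabs'

# Usage on a live host:  . ./hl_check.sh && check_host
```

Running check_host on a patched host still reports restricted or exposed if the driver is loaded; the verdict describes the workaround state, not whether the fix commits are present, which remains a kernel-version comparison as described above.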

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops/panic messages related to habanalabs
  • Failed dma-buf operations in kernel logs
  • Unexpected process crashes with habanalabs device access

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("habanalabs" OR "UAF" OR "use-after-free")
