The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Revert drm/gem-shmem: Use dma_buf from GEM object instance This reverts commit     1a148af06000e545e714fe3210af3d77ff903c11. The dma_buf field in struct drm_gem_object is not stable over     the object instance's lifetime. The field becomes NULL when user space releases the final GEM handle on     the buffer object. This resulted in a NULL-pointer deref. Workarounds in commit 5307dce878d4 (drm/gem:
    Acquire references on GEM handles for framebuffers) and commit f6bfc9afc751 (drm/framebuffer: Acquire     internal references on GEM handles) only solved the problem partially. They especially don't work for     buffer objects without a DRM framebuffer associated. Hence, this revert to going back to using     .import_attach->dmabuf. v3: - cc stable (CVE-2025-38669)

Note that Nessus relies on the presence of the package as reported by the vendor.

Detections

Analytics

Linux Distros Unpatched Vulnerability : CVE-2025-38669

high Nessus Plugin ID 260299

Version 1.2

Version 1.1

Version 1.2 Sep 5, 2025, 7:39 AM CVSS metrics ("CVSSv2 score" set to 7.8) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C") CVSS metrics ("CVSSv3 score" set to 7.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H") CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on CVE-2025-38669, severity increased from "Medium" to "High") CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202509050739
Version 1.1 Sep 2, 2025, 3:13 PM New Plugin Feed: 202509021513