-
CVE-2025-38280
- EPSS 0.04%
- Veröffentlicht 10.07.2025 07:41:58
- Zuletzt bearbeitet 10.07.2025 13:17:30
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- Teams Watchlist Login
- Unerledigt Login
In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid __bpf_prog_ret0_warn when jit fails syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 __bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357 Modules linked in: CPU: 3 UID: 0 PID: 217 Comm: kworker/u32:6 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 RIP: 0010:__bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357 Call Trace: <TASK> bpf_dispatcher_nop_func include/linux/bpf.h:1316 [inline] __bpf_prog_run include/linux/filter.h:718 [inline] bpf_prog_run include/linux/filter.h:725 [inline] cls_bpf_classify+0x74a/0x1110 net/sched/cls_bpf.c:105 ... When creating bpf program, 'fp->jit_requested' depends on bpf_jit_enable. This issue is triggered because of CONFIG_BPF_JIT_ALWAYS_ON is not set and bpf_jit_enable is set to 1, causing the arch to attempt JIT the prog, but jit failed due to FAULT_INJECTION. As a result, incorrectly treats the program as valid, when the program runs it calls `__bpf_prog_ret0_warn` and triggers the WARN_ON_ONCE(1).
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
e7fb4ebee6e900899d2b2e5852c3e2eafcbcad66
Version
fa9dd599b4dae841924b022768354cfde9affecb
Status
affected
Version <
ef92b96530d1731d9ac167bc7c193c683cd78fff
Version
fa9dd599b4dae841924b022768354cfde9affecb
Status
affected
Version <
6f639c25bfad17d9fd7379ab91ff9678ea9aac85
Version
fa9dd599b4dae841924b022768354cfde9affecb
Status
affected
Version <
2bc6dffb4b72d53d6a6ada510269bf548c3f7ae0
Version
fa9dd599b4dae841924b022768354cfde9affecb
Status
affected
Version <
0b9bb52796b239de6792d0d68cdc6eb505ebff96
Version
fa9dd599b4dae841924b022768354cfde9affecb
Status
affected
Version <
86bc9c742426a16b52a10ef61f5b721aecca2344
Version
fa9dd599b4dae841924b022768354cfde9affecb
Status
affected
Version
5124abda3060e2eab506fb14a27acadee3c3e396
Status
affected
Version
234646dcfc5f531c74ab20595e89eacd62e3611f
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
4.16
Status
affected
Version <
4.16
Version
0
Status
unaffected
Version <=
5.15.*
Version
5.15.186
Status
unaffected
Version <=
6.1.*
Version
6.1.142
Status
unaffected
Version <=
6.6.*
Version
6.6.94
Status
unaffected
Version <=
6.12.*
Version
6.12.34
Status
unaffected
Version <=
6.15.*
Version
6.15.3
Status
unaffected
Version <=
*
Version
6.16
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Typ | Quelle | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.04% | 0.098 |
Quelle | Base Score | Exploit Score | Impact Score | Vector String |
---|