-

CVE-2025-38285

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix WARN() in get_bpf_raw_tp_regs

syzkaller reported an issue:

WARNING: CPU: 3 PID: 5971 at kernel/trace/bpf_trace.c:1861 get_bpf_raw_tp_regs+0xa4/0x100 kernel/trace/bpf_trace.c:1861
Modules linked in:
CPU: 3 UID: 0 PID: 5971 Comm: syz-executor205 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:get_bpf_raw_tp_regs+0xa4/0x100 kernel/trace/bpf_trace.c:1861
RSP: 0018:ffffc90003636fa8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff81c6bc4c
RDX: ffff888032efc880 RSI: ffffffff81c6bc83 RDI: 0000000000000005
RBP: ffff88806a730860 R08: 0000000000000005 R09: 0000000000000003
R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000004
R13: 0000000000000001 R14: ffffc90003637008 R15: 0000000000000900
FS:  0000000000000000(0000) GS:ffff8880d6cdf000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7baee09130 CR3: 0000000029f5a000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 ____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1934 [inline]
 bpf_get_stack_raw_tp+0x24/0x160 kernel/trace/bpf_trace.c:1931
 bpf_prog_ec3b2eefa702d8d3+0x43/0x47
 bpf_dispatcher_nop_func include/linux/bpf.h:1316 [inline]
 __bpf_prog_run include/linux/filter.h:718 [inline]
 bpf_prog_run include/linux/filter.h:725 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2363 [inline]
 bpf_trace_run3+0x23f/0x5a0 kernel/trace/bpf_trace.c:2405
 __bpf_trace_mmap_lock_acquire_returned+0xfc/0x140 include/trace/events/mmap_lock.h:47
 __traceiter_mmap_lock_acquire_returned+0x79/0xc0 include/trace/events/mmap_lock.h:47
 __do_trace_mmap_lock_acquire_returned include/trace/events/mmap_lock.h:47 [inline]
 trace_mmap_lock_acquire_returned include/trace/events/mmap_lock.h:47 [inline]
 __mmap_lock_do_trace_acquire_returned+0x138/0x1f0 mm/mmap_lock.c:35
 __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline]
 mmap_read_trylock include/linux/mmap_lock.h:204 [inline]
 stack_map_get_build_id_offset+0x535/0x6f0 kernel/bpf/stackmap.c:157
 __bpf_get_stack+0x307/0xa10 kernel/bpf/stackmap.c:483
 ____bpf_get_stack kernel/bpf/stackmap.c:499 [inline]
 bpf_get_stack+0x32/0x40 kernel/bpf/stackmap.c:496
 ____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1941 [inline]
 bpf_get_stack_raw_tp+0x124/0x160 kernel/trace/bpf_trace.c:1931
 bpf_prog_ec3b2eefa702d8d3+0x43/0x47

Tracepoint like trace_mmap_lock_acquire_returned may cause nested call
as the corner case show above, which will be resolved with more general
method in the future. As a result, WARN_ON_ONCE will be triggered. As
Alexei suggested, remove the WARN_ON_ONCE first.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < 44ebe361abb322d2afd77930fa767a99f271c4d1
Version 9594dc3c7e71b9f52bee1d7852eb3d4e3aea9e99
Status affected
Version < 147ea936fc6fa8fe0c93f0df918803a5375ca535
Version 9594dc3c7e71b9f52bee1d7852eb3d4e3aea9e99
Status affected
Version < ee90be48edb3dac612e0b7f5332482a9e8be2696
Version 9594dc3c7e71b9f52bee1d7852eb3d4e3aea9e99
Status affected
Version < e167414beabb1e941fe563a96becc98627d5bdf6
Version 9594dc3c7e71b9f52bee1d7852eb3d4e3aea9e99
Status affected
Version < 6d8f39875a10a194051c3eaefebc7ac06a34aaf3
Version 9594dc3c7e71b9f52bee1d7852eb3d4e3aea9e99
Status affected
Version < c98cdf6795a36bca163ebb40411fef1687b9eb13
Version 9594dc3c7e71b9f52bee1d7852eb3d4e3aea9e99
Status affected
Version < 18e8cbbae79cb35bdce8a01c889827b9799c762e
Version 9594dc3c7e71b9f52bee1d7852eb3d4e3aea9e99
Status affected
Version < 3880cdbed1c4607e378f58fa924c5d6df900d1d3
Version 9594dc3c7e71b9f52bee1d7852eb3d4e3aea9e99
Status affected
Version a7177b94aff4febe657fe31bb7e5ecdef72079f4
Status affected
Version 2a9fedc1ef4be2acb4fd4674f405c21c811e1505
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 5.2
Status affected
Version < 5.2
Version 0
Status unaffected
Version <= 5.4.*
Version 5.4.295
Status unaffected
Version <= 5.10.*
Version 5.10.239
Status unaffected
Version <= 5.15.*
Version 5.15.186
Status unaffected
Version <= 6.1.*
Version 6.1.142
Status unaffected
Version <= 6.6.*
Version 6.6.94
Status unaffected
Version <= 6.12.*
Version 6.12.34
Status unaffected
Version <= 6.15.*
Version 6.15.3
Status unaffected
Version <= *
Version 6.16
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.098
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String