-

CVE-2025-38528

EPSS 0.04%
Veröffentlicht 16.08.2025 11:12:21
Zuletzt bearbeitet 28.08.2025 15:15:51
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

bpf: Reject %p% format string in bprintf-like helpers

static const char fmt[] = "%p%";
    bpf_trace_printk(fmt, sizeof(fmt));

The above BPF program isn't rejected and causes a kernel warning at
runtime:

    Please remove unsupported %\x00 in format string
    WARNING: CPU: 1 PID: 7244 at lib/vsprintf.c:2680 format_decode+0x49c/0x5d0

This happens because bpf_bprintf_prepare skips over the second %,
detected as punctuation, while processing %p. This patch fixes it by
not skipping over punctuation. %\x00 is then processed in the next
iteration and rejected.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 97303e541e12f1fea97834ec64b98991e8775f39

Version 48cac3f4a96ddf08df8e53809ed066de0dc93915

Status affected

Version < 61d5fa45ed13e42af14c7e959baba9908b8ee6d4

Version 48cac3f4a96ddf08df8e53809ed066de0dc93915

Status affected

Version < e7be679124bae8cf4fa6e40d7e1661baddfb3289

Version 48cac3f4a96ddf08df8e53809ed066de0dc93915

Status affected

Version < 6952aeace93f8c9ea01849efecac24dd3152c9c9

Version 48cac3f4a96ddf08df8e53809ed066de0dc93915

Status affected

Version < 1c5f5fd47bbda17cb885fe6f03730702cd53d3f8

Version 48cac3f4a96ddf08df8e53809ed066de0dc93915

Status affected

Version < f8242745871f81a3ac37f9f51853d12854fd0b58

Version 48cac3f4a96ddf08df8e53809ed066de0dc93915

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.13

Status affected

Version < 5.13

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.190

Status unaffected

Version <= 6.1.*

Version 6.1.147

Status unaffected

Version <= 6.6.*

Version 6.6.100

Status unaffected

Version <= 6.12.*

Version 6.12.40

Status unaffected

Version <= 6.15.*

Version 6.15.8

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.088

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/61d5fa45ed13e42af14c7e959baba9908b8ee6d4

https://git.kernel.org/stable/c/e7be679124bae8cf4fa6e40d7e1661baddfb3289

https://git.kernel.org/stable/c/6952aeace93f8c9ea01849efecac24dd3152c9c9

https://git.kernel.org/stable/c/1c5f5fd47bbda17cb885fe6f03730702cd53d3f8

https://git.kernel.org/stable/c/f8242745871f81a3ac37f9f51853d12854fd0b58

https://git.kernel.org/stable/c/97303e541e12f1fea97834ec64b98991e8775f39

https://nvd.nist.gov/vuln/detail/CVE-2025-38528

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38528

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38528

EUVD