-

CVE-2025-38723

EPSS 0.04%
Published 04.09.2025 15:33:16
Last modified 05.09.2025 17:47:24
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: BPF: Fix jump offset calculation in tailcall

The extra pass of bpf_int_jit_compile() skips JIT context initialization
which essentially skips offset calculation leaving out_offset = -1, so
the jmp_offset in emit_bpf_tail_call is calculated by

"#define jmp_offset (out_offset - (cur_offset))"

is a negative number, which is wrong. The final generated assembly are
as follow.

54:	bgeu        	$a2, $t1, -8	    # 0x0000004c
58:	addi.d      	$a6, $s5, -1
5c:	bltz        	$a6, -16	    # 0x0000004c
60:	alsl.d      	$t2, $a2, $a1, 0x3
64:	ld.d        	$t2, $t2, 264
68:	beq         	$t2, $zero, -28	    # 0x0000004c

Before apply this patch, the follow test case will reveal soft lock issues.

cd tools/testing/selftests/bpf/
./test_progs --allow=tailcalls/tailcall_bpf2bpf_1

dmesg:
watchdog: BUG: soft lockup - CPU#2 stuck for 26s! [test_progs:25056]

Affected products Warnungen 0 Metrics 1 CWE 0 References 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 1a782fa32e644aa9fbae6c8488f3e61221ac96e1

Version 5dc615520c4dfb358245680f1904bad61116648e

Status affected

Version < 17c010fe45def335fe03a0718935416b04c7f349

Version 5dc615520c4dfb358245680f1904bad61116648e

Status affected

Version < f83d469e16bb1f75991ca67c56786fb2aaa42bea

Version 5dc615520c4dfb358245680f1904bad61116648e

Status affected

Version < f2b5e50cc04d7a049b385bc1c93b9cbf5f10c94f

Version 5dc615520c4dfb358245680f1904bad61116648e

Status affected

Version < 9262e3e04621558e875eb5afb5e726b648cd5949

Version 5dc615520c4dfb358245680f1904bad61116648e

Status affected

Version < cd39d9e6b7e4c58fa77783e7aedf7ada51d02ea3

Version 5dc615520c4dfb358245680f1904bad61116648e

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 6.1

Status affected

Version < 6.1

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.149

Status unaffected

Version <= 6.6.*

Version 6.6.103

Status unaffected

Version <= 6.12.*

Version 6.12.43

Status unaffected

Version <= 6.15.*

Version 6.15.11

Status unaffected

Version <= 6.16.*

Version 6.16.2

Status unaffected

Version <= *

Version 6.17-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.092

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/1a782fa32e644aa9fbae6c8488f3e61221ac96e1

https://git.kernel.org/stable/c/17c010fe45def335fe03a0718935416b04c7f349

https://git.kernel.org/stable/c/f83d469e16bb1f75991ca67c56786fb2aaa42bea

https://git.kernel.org/stable/c/f2b5e50cc04d7a049b385bc1c93b9cbf5f10c94f

https://git.kernel.org/stable/c/9262e3e04621558e875eb5afb5e726b648cd5949

https://git.kernel.org/stable/c/cd39d9e6b7e4c58fa77783e7aedf7ada51d02ea3

https://nvd.nist.gov/vuln/detail/CVE-2025-38723

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38723

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38723

EUVD