CVE-2025-22087
HIGH EPSS 7.6%
Published Apr 16, 20251y ago · Modified Jun 17, 20262w ago
7.1 CVSS 3.1
Published Apr 16, 2025 1y ago
Last Modified Jun 17, 2026 2w ago
Description
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix array bounds error with may_goto may_goto uses an additional 8 bytes on the stack, which causes the interpreters[] array to go out of bounds when calculating index by stack_size. 1. If a BPF program is rewritten, re-evaluate the stack size. For non-JIT cases, reject loading directly. 2. For non-JIT cases, calculating interpreters[idx] may still cause out-of-bounds array access, and just warn about it. 3. For jit_requested cases, the execution of bpf_func also needs to be warned. So move the definition of function __bpf_prog_ret0_warn out of the macro definition CONFIG_BPF_JIT_ALWAYS_ON.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
7.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-125 Out-of-bounds Read Memory Safety
Affected Products 3
References 4
- git.kernel.org https://git.kernel.org/stable/c/19e6817f84000d0b06f09fd69ebd56217842c122
- git.kernel.org https://git.kernel.org/stable/c/1a86ae57b2600e5749f5f674e9d4296ac00c69a8
- git.kernel.org https://git.kernel.org/stable/c/4524b7febdd55fb99ae2e1f48db64019fa69e643
- git.kernel.org https://git.kernel.org/stable/c/6ebc5030e0c5a698f1dd9a6684cddf6ccaed64a0
Remediation
- git.kernel.org https://git.kernel.org/stable/c/19e6817f84000d0b06f09fd69ebd56217842c122
- git.kernel.org https://git.kernel.org/stable/c/1a86ae57b2600e5749f5f674e9d4296ac00c69a8
- git.kernel.org https://git.kernel.org/stable/c/4524b7febdd55fb99ae2e1f48db64019fa69e643
- git.kernel.org https://git.kernel.org/stable/c/6ebc5030e0c5a698f1dd9a6684cddf6ccaed64a0