CVE-2025-22087

HIGH EPSS 7.6%
Published Apr 16, 20251y ago · Modified Jun 17, 20262w ago
7.1 CVSS 3.1
High
Find Similar
Published Apr 16, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix array bounds error with may_goto may_goto uses an additional 8 bytes on the stack, which causes the interpreters[] array to go out of bounds when calculating index by stack_size. 1. If a BPF program is rewritten, re-evaluate the stack size. For non-JIT cases, reject loading directly. 2. For non-JIT cases, calculating interpreters[idx] may still cause out-of-bounds array access, and just warn about it. 3. For jit_requested cases, the execution of bpf_func also needs to be warned. So move the definition of function __bpf_prog_ret0_warn out of the macro definition CONFIG_BPF_JIT_ALWAYS_ON.

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
7.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 3

VendorProductVersionRange
linuxlinux_kernel*≥6.9  –  <6.12.23
linuxlinux_kernel*≥6.13  –  <6.13.11
linuxlinux_kernel*≥6.14  –  <6.14.2

References 4

  • git.kernel.org https://git.kernel.org/stable/c/19e6817f84000d0b06f09fd69ebd56217842c122
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1a86ae57b2600e5749f5f674e9d4296ac00c69a8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4524b7febdd55fb99ae2e1f48db64019fa69e643
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6ebc5030e0c5a698f1dd9a6684cddf6ccaed64a0
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/19e6817f84000d0b06f09fd69ebd56217842c122
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1a86ae57b2600e5749f5f674e9d4296ac00c69a8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4524b7febdd55fb99ae2e1f48db64019fa69e643
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6ebc5030e0c5a698f1dd9a6684cddf6ccaed64a0
    Patch