CVE-2025-38723

MEDIUM · EPSS 4.7%
Published Sep 4, 2025 (10mo ago) · Modified Jun 17, 2026 (2w ago)
CVSS 3.1: 5.5 (Medium)

Description

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: BPF: Fix jump offset calculation in tailcall

The extra pass of bpf_int_jit_compile() skips JIT context initialization, which essentially skips offset calculation, leaving out_offset = -1, so the jmp_offset in emit_bpf_tail_call, calculated by "#define jmp_offset (out_offset - (cur_offset))", is a negative number, which is wrong. The final generated assembly is as follows.

    54: bgeu $a2, $t1, -8 # 0x0000004c
    58: addi.d $a6, $s5, -1
    5c: bltz $a6, -16 # 0x0000004c
    60: alsl.d $t2, $a2, $a1, 0x3
    64: ld.d $t2, $t2, 264
    68: beq $t2, $zero, -28 # 0x0000004c

Before applying this patch, the following test case will reveal soft lock issues.

    cd tools/testing/selftests/bpf/
    ./test_progs --allow=tailcalls/tailcall_bpf2bpf_1

dmesg:

    watchdog: BUG: soft lockup - CPU#2 stuck for 26s! [test_progs:25056]
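
The offset arithmetic from the description, reproduced as an added example (not kernel code and not part of the patch): with out_offset left at -1, the quoted jmp_offset macro yields the -8, -16 and -28 byte displacements seen in the disassembly, all landing on 0x4c. The 0x50 sequence base, the helper names and the out_offset value of 12 are assumptions made for illustration.

```c
#include <stdio.h>

/* Constructed model of the arithmetic quoted in the description; offsets are
 * counted in 4-byte instructions. SEQ_BASE is an assumption inferred from the
 * disassembly (first instruction of the tail-call sequence), not from the patch. */
#define INSN_BYTES 4
#define SEQ_BASE   0x50u

/* Addresses of the three bail-out branches in the disassembly (bgeu, bltz, beq). */
static const unsigned bailouts[] = { 0x54, 0x5c, 0x68 };
#define N_BAILOUTS (sizeof(bailouts) / sizeof(bailouts[0]))

/* cur_offset: instructions already emitted when the branch is generated. */
static int cur_offset_of(unsigned addr) { return (int)((addr - SEQ_BASE) / INSN_BYTES); }

/* Mirrors "#define jmp_offset (out_offset - (cur_offset))", scaled to bytes. */
static int jmp_offset_bytes(int out_offset, unsigned addr)
{
    return (out_offset - cur_offset_of(addr)) * INSN_BYTES;
}

static unsigned branch_target(int out_offset, unsigned addr) { return addr + (unsigned)jmp_offset_bytes(out_offset, addr); }

/* Sanity check: a bail-out must jump forward, past the sequence.
 * Returns how many of the branches would jump backward instead. */
static int count_backward_bailouts(int out_offset)
{
    int bad = 0;
    for (size_t i = 0; i < N_BAILOUTS; i++)
        bad += jmp_offset_bytes(out_offset, bailouts[i]) <= 0;
    return bad;
}

int main(void)
{
    /* -1 is the stale value from the description; 12 is a constructed length. */
    const int cases[] = { -1, 12 };
    for (size_t c = 0; c < 2; c++) {
        printf("out_offset = %d\n", cases[c]);
        for (size_t i = 0; i < N_BAILOUTS; i++)
            printf("  %02x: %+d -> 0x%08x\n", bailouts[i],
                   jmp_offset_bytes(cases[c], bailouts[i]),
                   branch_target(cases[c], bailouts[i]));
        printf("  backward bail-outs: %d\n", count_backward_bailouts(cases[c]));
    }
    return 0;
}
```
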

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 4.7% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Affected Products 6

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥6.1 – <6.1.149
linux    linux_kernel   *         ≥6.2 – <6.6.103
linux    linux_kernel   *         ≥6.7 – <6.12.43
linux    linux_kernel   *         ≥6.13 – <6.15.11
linux    linux_kernel   *         ≥6.16 – <6.16.2
debian   debian_linux   11.0      any

References 8

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-032379.html
  • git.kernel.org https://git.kernel.org/stable/c/17c010fe45def335fe03a0718935416b04c7f349
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1a782fa32e644aa9fbae6c8488f3e61221ac96e1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9262e3e04621558e875eb5afb5e726b648cd5949
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cd39d9e6b7e4c58fa77783e7aedf7ada51d02ea3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f2b5e50cc04d7a049b385bc1c93b9cbf5f10c94f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f83d469e16bb1f75991ca67c56786fb2aaa42bea
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Mailing List, Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/17c010fe45def335fe03a0718935416b04c7f349
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1a782fa32e644aa9fbae6c8488f3e61221ac96e1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9262e3e04621558e875eb5afb5e726b648cd5949
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cd39d9e6b7e4c58fa77783e7aedf7ada51d02ea3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f2b5e50cc04d7a049b385bc1c93b9cbf5f10c94f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f83d469e16bb1f75991ca67c56786fb2aaa42bea
    Patch