CVE-2025-22048Linux vulnerability

5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 80.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedApr 16

Description

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Don't override subprog's return value The verifier test `calls: div by 0 in subprog` triggers a panic at the ld.bu instruction. The ld.bu insn is trying to load byte from memory address returned by the subprog. The subprog actually set the correct address at the a5 register (dedicated register for BPF return values). But at commit 73c359d1d356 ("LoongArch: BPF: Sign-extend return values") we also sign extended

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel6.1.1206.2+5
Debianlinux/linux_kernel< 6.12.25-1+1
CVEListV5linux/linux0c8d50501bc13cacecc19caaddc10db372592a397df2696256a034405d3c5a71b3a4c54725de4404+7
debiandebian/linux< linux 6.12.25-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2025-22048: In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Don't override subprog's return value The verifier test `calls: di2025-04-16
GHSA
GHSA-4vfw-gvwq-xw7v: In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Don't override subprog's return value The verifier test `calls:2025-04-16

📋Vendor Advisories

2
Red Hat
kernel: LoongArch: BPF: Don't override subprog's return value2025-04-16
Debian
CVE-2025-22048: linux - In the Linux kernel, the following vulnerability has been resolved: LoongArch: ...2025