CVE-2025-38339Linux vulnerability

17 documents6 sources
Severity
5.5MEDIUMNVD
OSV5.6
EPSS
0.0%
top 90.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedJul 10
Latest updateNov 4

Description

In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf: fix JIT code size calculation of bpf trampoline arch_bpf_trampoline_size() provides JIT size of the BPF trampoline before the buffer for JIT'ing it is allocated. The total number of instructions emitted for BPF trampoline JIT code depends on where the final image is located. So, the size arrived at with the dummy pass in arch_bpf_trampoline_size() can vary from the actual size needed in arch_prepare_bpf_trampoline

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDlinux/linux_kernel6.136.15.4
CVEListV5linux/linuxd243b62b7bd3d5314382d3b54e4992226245e9367833deb95e05bec146414b3a2feb24f025ca27c0+2
debiandebian/linux

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

8
OSV
linux-hwe-6.14 vulnerabilities2025-11-04
OSV
linux-gcp-6.14 vulnerabilities2025-10-31
OSV
linux-aws-6.14 vulnerabilities2025-10-24
OSV
linux-realtime-6.14 vulnerabilities2025-10-22
OSV
linux-azure, linux-azure-6.14, linux-azure-nvidia-6.14 vulnerabilities2025-10-22

📋Vendor Advisories

8
Ubuntu
Linux kernel (HWE) vulnerabilities2025-11-04
Ubuntu
Linux kernel (GCP) vulnerabilities2025-10-31
Ubuntu
Linux kernel (AWS) vulnerabilities2025-10-24
Ubuntu
Linux kernel (Azure) vulnerabilities2025-10-22
Ubuntu
Linux kernel (Real-time) vulnerabilities2025-10-22
CVE-2025-38339 — Linux vulnerability | cvebase