CVE-2025-38528
published 2025-08-16CVE-2025-38528: In the Linux kernel, the following vulnerability has been resolved: bpf: Reject %p% format string in bprintf-like helpers static const char fmt[] = "%p%"…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
In the Linux kernel, the following vulnerability has been resolved:
bpf: Reject %p% format string in bprintf-like helpers
static const char fmt[] = "%p%";
bpf_trace_printk(fmt, sizeof(fmt));
The above BPF program isn't rejected and causes a kernel warning at
runtime:
Please remove unsupported %\x00 in format string
WARNING: CPU: 1 PID: 7244 at lib/vsprintf.c:2680 format_decode+0x49c/0x5d0
This happens because bpf_bprintf_prepare skips over the second %,
detected as punctuation, while processing %p. This patch fixes it by
not skipping over punctuation. %\x00 is then processed in the next
iteration and rejected.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 48cac3f4a96ddf08df8e53809ed066de0dc93915 < 97303e541e12f1fea97834ec64b98991e8775f39 | 97303e541e12f1fea97834ec64b98991e8775f39 |
| linux | linux | >= 48cac3f4a96ddf08df8e53809ed066de0dc93915 < 61d5fa45ed13e42af14c7e959baba9908b8ee6d4 | 61d5fa45ed13e42af14c7e959baba9908b8ee6d4 |
| linux | linux | >= 48cac3f4a96ddf08df8e53809ed066de0dc93915 < e7be679124bae8cf4fa6e40d7e1661baddfb3289 | e7be679124bae8cf4fa6e40d7e1661baddfb3289 |
| linux | linux | >= 48cac3f4a96ddf08df8e53809ed066de0dc93915 < 6952aeace93f8c9ea01849efecac24dd3152c9c9 | 6952aeace93f8c9ea01849efecac24dd3152c9c9 |
| linux | linux | >= 48cac3f4a96ddf08df8e53809ed066de0dc93915 < 1c5f5fd47bbda17cb885fe6f03730702cd53d3f8 | 1c5f5fd47bbda17cb885fe6f03730702cd53d3f8 |
| linux | linux | >= 48cac3f4a96ddf08df8e53809ed066de0dc93915 < f8242745871f81a3ac37f9f51853d12854fd0b58 | f8242745871f81a3ac37f9f51853d12854fd0b58 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 6.1.147-1 | 6.1.147-1 |
| linux | linux_kernel | >= 0 < 6.12.41-1 | 6.12.41-1 |
| linux | linux_kernel | >= 0 < 6.16.3-1 | 6.16.3-1 |
| linux | linux_kernel | >= 0 < 5.15.0-163.173 | 5.15.0-163.173 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 5.13 < 5.15.190 | 5.15.190 |
| linux | linux_kernel | >= 5.16 < 6.1.147 | 6.1.147 |
| linux | linux_kernel | >= 6.13 < 6.15.8 | 6.15.8 |
| linux | linux_kernel | >= 6.2 < 6.6.100 | 6.6.100 |
| linux | linux_kernel | >= 6.7 < 6.12.40 | 6.12.40 |
| msrc | azl3_kernel_6.6.96.2-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_kernel_6.6.96.2-2_on_azure_linux_3.0 | — | — |
| msrc | cbl2_kernel_5.15.186.1-1_on_cbl_mariner_2.0 | — | — |
| ubuntu | linux-aws | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.5MEDIUM