CVE-2025-38723Linux vulnerability

7 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 4
Latest updateSep 9

Description

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Fix jump offset calculation in tailcall The extra pass of bpf_int_jit_compile() skips JIT context initialization which essentially skips offset calculation leaving out_offset = -1, so the jmp_offset in emit_bpf_tail_call is calculated by "#define jmp_offset (out_offset - (cur_offset))" is a negative number, which is wrong. The final generated assembly are as follow. 54: bgeu $a2, $t1, -8 # 0x0000004c 58: add

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDlinux/linux_kernel6.16.1.149+4
Debianlinux/linux_kernel< 6.1.153-1+2
CVEListV5linux/linux5dc615520c4dfb358245680f1904bad61116648e1a782fa32e644aa9fbae6c8488f3e61221ac96e1+6

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
GHSA
GHSA-wvjq-jmp5-gvcr: In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Fix jump offset calculation in tailcall The extra pass of bpf_in2025-09-05
OSV
CVE-2025-38723: In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Fix jump offset calculation in tailcall The extra pass of bpf_int_2025-09-04
CVEList
LoongArch: BPF: Fix jump offset calculation in tailcall2025-09-04

📋Vendor Advisories

3
Microsoft
LoongArch: BPF: Fix jump offset calculation in tailcall2025-09-09
Red Hat
kernel: LoongArch: BPF: Fix jump offset calculation in tailcall2025-09-04
Debian
CVE-2025-38723: linux - In the Linux kernel, the following vulnerability has been resolved: LoongArch: ...2025
CVE-2025-38723 — Linux vulnerability | cvebase