CVE-2025-37939
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-37939
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37939.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-37939
- Downstream
- Published
- 2025-05-20T15:34:41Z
- Modified
- 2025-10-18T01:16:34.303326Z
- Summary
- libbpf: Fix accessing BTF.ext core_relo header
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
libbpf: Fix accessing BTF.ext core_relo header
Update btfextparseinfo() to ensure the corerelo header is present before reading its fields. This avoids a potential buffer read overflow reported by the OSS Fuzz project.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedcf579164e9ea9cd41c7c1da931683a319d224890Fixedd529411ec44535308c5d59cbeff74be6fe14b479
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedcf579164e9ea9cd41c7c1da931683a319d224890Fixed3a67f60f0a8be10cea7a884a1a00e9feb6645657
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedcf579164e9ea9cd41c7c1da931683a319d224890Fixed0a7c2a84359612e54328aa52030eb202093da6e2
Affected versions
v6.*
v6.12
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.13.1
v6.13.10
v6.13.2
v6.13.3
v6.13.4
v6.13.5
v6.13.6
v6.13.7
v6.13.8
v6.13.9
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
Database specific
vanir_signatures
[
{
"deprecated": false,
"id": "CVE-2025-37939-131fa3bb",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3a67f60f0a8be10cea7a884a1a00e9feb6645657",
"signature_version": "v1",
"target": {
"file": "tools/lib/bpf/btf.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"30269530272493952544447009458279319530",
"2774692260191860548966096497486384197",
"250098519075585292705427244535967619260",
"229319044494283288334982407998219217763",
"174821103103308532108706133079832769499",
"178943804986205301877838970309256681714",
"47316929947374746206467224092531656121",
"336367167060892387175118617708321360628"
]
}
},
{
"deprecated": false,
"id": "CVE-2025-37939-8e7dd3b1",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0a7c2a84359612e54328aa52030eb202093da6e2",
"signature_version": "v1",
"target": {
"file": "tools/lib/bpf/btf.c",
"function": "btf_ext_parse_info"
},
"digest": {
"function_hash": "121825829268640587953074213286444880832",
"length": 949.0
}
},
{
"deprecated": false,
"id": "CVE-2025-37939-b7ed53cc",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d529411ec44535308c5d59cbeff74be6fe14b479",
"signature_version": "v1",
"target": {
"file": "tools/lib/bpf/btf.c",
"function": "btf_ext_parse_info"
},
"digest": {
"function_hash": "121825829268640587953074213286444880832",
"length": 949.0
}
},
{
"deprecated": false,
"id": "CVE-2025-37939-ce670261",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0a7c2a84359612e54328aa52030eb202093da6e2",
"signature_version": "v1",
"target": {
"file": "tools/lib/bpf/btf.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"30269530272493952544447009458279319530",
"2774692260191860548966096497486384197",
"250098519075585292705427244535967619260",
"229319044494283288334982407998219217763",
"174821103103308532108706133079832769499",
"178943804986205301877838970309256681714",
"47316929947374746206467224092531656121",
"336367167060892387175118617708321360628"
]
}
},
{
"deprecated": false,
"id": "CVE-2025-37939-df818c43",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3a67f60f0a8be10cea7a884a1a00e9feb6645657",
"signature_version": "v1",
"target": {
"file": "tools/lib/bpf/btf.c",
"function": "btf_ext_parse_info"
},
"digest": {
"function_hash": "121825829268640587953074213286444880832",
"length": 949.0
}
},
{
"deprecated": false,
"id": "CVE-2025-37939-fc21ae3e",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d529411ec44535308c5d59cbeff74be6fe14b479",
"signature_version": "v1",
"target": {
"file": "tools/lib/bpf/btf.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"30269530272493952544447009458279319530",
"2774692260191860548966096497486384197",
"250098519075585292705427244535967619260",
"229319044494283288334982407998219217763",
"174821103103308532108706133079832769499",
"178943804986205301877838970309256681714",
"47316929947374746206467224092531656121",
"336367167060892387175118617708321360628"
]
}
}
]