CVE-2025-38280
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38280
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38280.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38280
- Downstream
- Related
- Published
- 2025-07-10T07:41:58.853Z
- Modified
- 2025-11-28T02:34:00.647638Z
- Summary
- bpf: Avoid __bpf_prog_ret0_warn when jit fails
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bpf: Avoid _bpfprogret0warn when jit fails
syzkaller reported an issue:
WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 bpfprogret0warn+0xa/0x20 kernel/bpf/core.c:2357 Modules linked in: CPU: 3 UID: 0 PID: 217 Comm: kworker/u32:6 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 RIP: 0010:bpfprogret0warn+0xa/0x20 kernel/bpf/core.c:2357 Call Trace: <TASK> bpfdispatchernopfunc include/linux/bpf.h:1316 [inline] _bpfprogrun include/linux/filter.h:718 [inline] bpfprogrun include/linux/filter.h:725 [inline] clsbpfclassify+0x74a/0x1110 net/sched/cls_bpf.c:105 ...
When creating bpf program, 'fp->jitrequested' depends on bpfjitenable. This issue is triggered because of CONFIGBPFJITALWAYSON is not set and bpfjitenable is set to 1, causing the arch to attempt JIT the prog, but jit failed due to FAULTINJECTION. As a result, incorrectly treats the program as valid, when the program runs it calls
__bpf_prog_ret0_warnand triggers the WARNONONCE(1). - Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38280.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0b9bb52796b239de6792d0d68cdc6eb505ebff96
- https://git.kernel.org/stable/c/2bc6dffb4b72d53d6a6ada510269bf548c3f7ae0
- https://git.kernel.org/stable/c/6f639c25bfad17d9fd7379ab91ff9678ea9aac85
- https://git.kernel.org/stable/c/86bc9c742426a16b52a10ef61f5b721aecca2344
- https://git.kernel.org/stable/c/e7fb4ebee6e900899d2b2e5852c3e2eafcbcad66
- https://git.kernel.org/stable/c/ef92b96530d1731d9ac167bc7c193c683cd78fff
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38280.json
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-38280
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfa9dd599b4dae841924b022768354cfde9affecbFixede7fb4ebee6e900899d2b2e5852c3e2eafcbcad66Fixedef92b96530d1731d9ac167bc7c193c683cd78fffFixed6f639c25bfad17d9fd7379ab91ff9678ea9aac85Fixed2bc6dffb4b72d53d6a6ada510269bf548c3f7ae0Fixed0b9bb52796b239de6792d0d68cdc6eb505ebff96Fixed86bc9c742426a16b52a10ef61f5b721aecca2344
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected5124abda3060e2eab506fb14a27acadee3c3e396Last affected234646dcfc5f531c74ab20595e89eacd62e3611f