Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66791.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-66791
Upstream
Published
2025-09-04T16:15:42Z
Modified
2026-04-01T05:21:03.418457Z
Summary
CVE-2025-38723 affecting package kernel for versions less than 6.6.104.2-1
Details

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: BPF: Fix jump offset calculation in tailcall

The extra pass of bpf_int_jit_compile() skips JIT context initialization, which essentially skips offset calculation, leaving out_offset = -1, so the jmp_offset in emit_bpf_tail_call, calculated by

"#define jmp_offset (out_offset - (cur_offset))"

is a negative number, which is wrong. The final generated assembly is as follows.

54: bgeu $a2, $t1, -8 # 0x0000004c
58: addi.d $a6, $s5, -1
5c: bltz $a6, -16 # 0x0000004c
60: alsl.d $t2, $a2, $a1, 0x3
64: ld.d $t2, $t2, 264
68: beq $t2, $zero, -28 # 0x0000004c

Before applying this patch, the following test case reveals soft lockup issues.

cd tools/testing/selftests/bpf/
./test_progs --allow=tailcalls/tailcall_bpf2bpf_1

dmesg:
watchdog: BUG: soft lockup - CPU#2 stuck for 26s! [test_progs:25056]

References

Affected packages

Azure Linux:3 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)
Fixed
6.6.104.2-1

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66791.json"