CVE-2025-22087

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-22087
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22087.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-22087
Downstream
Published
2025-04-16T14:12:35.359Z
Modified
2026-03-09T23:55:59.258412Z
Summary
bpf: Fix array bounds error with may_goto
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix array bounds error with may_goto

maygoto uses an additional 8 bytes on the stack, which causes the interpreters[] array to go out of bounds when calculating index by stacksize.

  1. If a BPF program is rewritten, re-evaluate the stack size. For non-JIT cases, reject loading directly.

  2. For non-JIT cases, calculating interpreters[idx] may still cause out-of-bounds array access, and just warn about it.

  3. For jitrequested cases, the execution of bpffunc also needs to be warned. So move the definition of function _bpfprogret0warn out of the macro definition CONFIGBPFJITALWAYSON.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/22xxx/CVE-2025-22087.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
011832b97b311bb9e3c27945bc0d1089a14209c9
Fixed
19e6817f84000d0b06f09fd69ebd56217842c122
Fixed
4524b7febdd55fb99ae2e1f48db64019fa69e643
Fixed
1a86ae57b2600e5749f5f674e9d4296ac00c69a8
Fixed
6ebc5030e0c5a698f1dd9a6684cddf6ccaed64a0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22087.json"