CVE-2025-38280

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38280
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38280.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38280
Downstream
Related
Published
2025-07-10T08:15:26Z
Modified
2025-08-12T21:01:37Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Avoid _bpfprogret0warn when jit fails

syzkaller reported an issue:

WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 bpfprogret0warn+0xa/0x20 kernel/bpf/core.c:2357 Modules linked in: CPU: 3 UID: 0 PID: 217 Comm: kworker/u32:6 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 RIP: 0010:bpfprogret0warn+0xa/0x20 kernel/bpf/core.c:2357 Call Trace: <TASK> bpfdispatchernopfunc include/linux/bpf.h:1316 [inline] _bpfprogrun include/linux/filter.h:718 [inline] bpfprogrun include/linux/filter.h:725 [inline] clsbpfclassify+0x74a/0x1110 net/sched/cls_bpf.c:105 ...

When creating bpf program, 'fp->jitrequested' depends on bpfjitenable. This issue is triggered because of CONFIGBPFJITALWAYSON is not set and bpfjitenable is set to 1, causing the arch to attempt JIT the prog, but jit failed due to FAULTINJECTION. As a result, incorrectly treats the program as valid, when the program runs it calls __bpf_prog_ret0_warn and triggers the WARNONONCE(1).

References

Affected packages