CVE-2025-38280
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38280
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38280.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38280
- Downstream
- Related
- Published
- 2025-07-10T08:15:26Z
- Modified
- 2025-08-12T21:01:37Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bpf: Avoid _bpfprogret0warn when jit fails
syzkaller reported an issue:
WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 bpfprogret0warn+0xa/0x20 kernel/bpf/core.c:2357 Modules linked in: CPU: 3 UID: 0 PID: 217 Comm: kworker/u32:6 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 RIP: 0010:bpfprogret0warn+0xa/0x20 kernel/bpf/core.c:2357 Call Trace: <TASK> bpfdispatchernopfunc include/linux/bpf.h:1316 [inline] _bpfprogrun include/linux/filter.h:718 [inline] bpfprogrun include/linux/filter.h:725 [inline] clsbpfclassify+0x74a/0x1110 net/sched/cls_bpf.c:105 ...
When creating bpf program, 'fp->jitrequested' depends on bpfjitenable. This issue is triggered because of CONFIGBPFJITALWAYSON is not set and bpfjitenable is set to 1, causing the arch to attempt JIT the prog, but jit failed due to FAULTINJECTION. As a result, incorrectly treats the program as valid, when the program runs it calls
__bpf_prog_ret0_warnand triggers the WARNONONCE(1). - References
-
- https://git.kernel.org/stable/c/0b9bb52796b239de6792d0d68cdc6eb505ebff96
- https://git.kernel.org/stable/c/2bc6dffb4b72d53d6a6ada510269bf548c3f7ae0
- https://git.kernel.org/stable/c/6f639c25bfad17d9fd7379ab91ff9678ea9aac85
- https://git.kernel.org/stable/c/86bc9c742426a16b52a10ef61f5b721aecca2344
- https://git.kernel.org/stable/c/e7fb4ebee6e900899d2b2e5852c3e2eafcbcad66
- https://git.kernel.org/stable/c/ef92b96530d1731d9ac167bc7c193c683cd78fff