CVE-2025-38489
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38489
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38489.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38489
- Downstream
- Related
- Published
- 2025-07-28T12:15:30Z
- Modified
- 2025-08-30T18:49:01.420782Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
s390/bpf: Fix bpfarchtextpoke() with newaddr == NULL again
Commit 7ded842b356d ("s390/bpf: Fix bpfplt pointer arithmetic") has accidentally removed the critical piece of commit c730fce7c70c ("s390/bpf: Fix bpfarchtextpoke() with newaddr == NULL"), causing intermittent kernel panics in e.g. perf's onswitch() prog to reappear.
Restore the fix and add a comment.
- References
-
- https://git.kernel.org/stable/c/0c7b20f7785cfdd59403333612c90b458b12307c
- https://git.kernel.org/stable/c/6a5abf8cf182f577c7ae6c62f14debc9754ec986
- https://git.kernel.org/stable/c/a4f9c7846b1ac428921ce9676b1b8c80ed60093c
- https://git.kernel.org/stable/c/d5629d1af0600f8cc7c9245e8d832a66358ef889
- https://security-tracker.debian.org/tracker/CVE-2025-38489
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.16.3-1
Affected versions
6.*
6.12.38-1
6.12.41-1
6.12.43-1
6.13~rc6-1~exp1
6.13~rc7-1~exp1
6.13.2-1~exp1
6.13.3-1~exp1
6.13.4-1~exp1
6.13.5-1~exp1
6.13.6-1~exp1
6.13.7-1~exp1
6.13.8-1~exp1
6.13.9-1~exp1
6.13.10-1~exp1
6.13.11-1~exp1
6.14.3-1~exp1
6.14.5-1~exp1
6.14.6-1~exp1
6.15~rc7-1~exp1
6.15-1~exp1
6.15.1-1~exp1
6.15.2-1~exp1
6.15.3-1~exp1
6.15.4-1~exp1
6.15.5-1~exp1
6.15.6-1~exp1
6.16~rc7-1~exp1
6.16-1~exp1
6.16.1-1~exp1