CVE-2025-38528

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-38528

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38528.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-38528

Downstream

AZL-66410

AZL-73557

BELL-CVE-2025-38528

DEBIAN-CVE-2025-38528

DLA-4328-1

ECHO-1198-0fc4-aa27

OESA-2025-2054

OESA-2025-2055

OESA-2025-2056

ROOT-OS-DEBIAN-12-CVE-2025-38528

ROOT-OS-DEBIAN-13-CVE-2025-38528

ROOT-OS-UBUNTU-2204-CVE-2025-38528

ROOT-OS-UBUNTU-2404-CVE-2025-38528

SUSE-SU-2025:03272-1

SUSE-SU-2025:03290-1

SUSE-SU-2025:03301-1

SUSE-SU-2025:03382-1

SUSE-SU-2025:03602-1

SUSE-SU-2025:03633-1

SUSE-SU-2025:03634-1

SUSE-SU-2025:20653-1

SUSE-SU-2025:20669-1

SUSE-SU-2025:20739-1

SUSE-SU-2025:20756-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

openSUSE-SU-2025:20081-1

Related

Published

2025-08-16T11:12:21.667Z

Modified

2026-05-18T05:56:18.951246333Z

Summary

bpf: Reject %p% format string in bprintf-like helpers

Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Reject %p% format string in bprintf-like helpers

static const char fmt[] = "%p%"; bpftraceprintk(fmt, sizeof(fmt));

The above BPF program isn't rejected and causes a kernel warning at runtime:

Please remove unsupported %\x00 in format string
WARNING: CPU: 1 PID: 7244 at lib/vsprintf.c:2680 format_decode+0x49c/0x5d0

This happens because bpfbprintfprepare skips over the second %, detected as punctuation, while processing %p. This patch fixes it by not skipping over punctuation. %\x00 is then processed in the next iteration and rejected.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38528.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

48cac3f4a96ddf08df8e53809ed066de0dc93915

Fixed

97303e541e12f1fea97834ec64b98991e8775f39

Fixed

61d5fa45ed13e42af14c7e959baba9908b8ee6d4

Fixed

e7be679124bae8cf4fa6e40d7e1661baddfb3289

Fixed

6952aeace93f8c9ea01849efecac24dd3152c9c9

Fixed

1c5f5fd47bbda17cb885fe6f03730702cd53d3f8

Fixed

f8242745871f81a3ac37f9f51853d12854fd0b58

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38528.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.13.0

Fixed

5.15.190

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.147

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.100

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.40

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.15.8

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38528.json"