CVE-2025-38012
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-17
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.15 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-908 | The product uses or accesses a resource that has not been initialized. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's BPF iterator implementation. Specifically, the function bpf_iter_scx_dsq_new() may fail to properly initialize an iterator after an error occurs. Because BPF programs can call next() and destroy() on iterators even if new() returns an error, the iterator can be left in an uninitialized state. This causes bpf_iter_scx_dsq_next() to dereference invalid or garbage data, potentially leading to undefined behavior or crashes. The fix ensures that bpf_iter_scx_dsq_new() always clears the iterator state so that subsequent calls to next() and destroy() do nothing if initialization failed.
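The failure mode described above, reduced to a user-space C model. This is an added example, not kernel code and not taken from the fix itself; the types and functions (`struct iter`, `iter_new_unsafe`, `iter_new_safe`, `iter_next`, `failed_new_leaves_state`) are hypothetical stand-ins for the new()/next() contract, and the 0xA5 fill is a constructed stand-in for leftover stack contents.

```c
#include <stddef.h>
#include <string.h>

/* User-space model; every name here is hypothetical, not a kernel identifier. */
struct queue { int items[4]; size_t len; };
struct iter { struct queue *q; size_t pos; };   /* q == NULL means inert */

/* Before: the error path returns without touching the caller's storage. */
int iter_new_unsafe(struct iter *it, struct queue *q, unsigned flags)
{
    if (flags != 0)
        return -1;              /* it->q keeps whatever bytes were in the slot */
    it->q = q;
    it->pos = 0;
    return 0;
}

/* After: clear the state first, so every error return leaves an inert iterator. */
int iter_new_safe(struct iter *it, struct queue *q, unsigned flags)
{
    memset(it, 0, sizeof(*it));
    if (flags != 0)
        return -1;
    it->q = q;
    return 0;
}

/* next() trusts only the NULL sentinel; it cannot tell garbage from a real queue. */
const int *iter_next(struct iter *it)
{
    if (!it->q || it->pos >= it->q->len)
        return NULL;
    return &it->q->items[it->pos++];
}

/* Returns 1 if a failed new() left stale state that next() would dereference. */
int failed_new_leaves_state(int (*new_fn)(struct iter *, struct queue *, unsigned))
{
    struct queue q = { {1, 2, 3, 0}, 3 };
    struct iter it;
    memset(&it, 0xA5, sizeof(it));      /* constructed stand-in for stack garbage */
    if (new_fn(&it, &q, 1u) == 0)       /* flag 1 is rejected by both variants */
        return -1;
    return it.q != NULL;
}

int main(void)
{
    return failed_new_leaves_state(iter_new_safe);  /* 0: hardened variant is inert */
}
```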
How can this vulnerability impact me?
This vulnerability can lead to the Linux kernel dereferencing invalid memory when BPF iterators are used after a failed initialization. This may cause kernel crashes, instability, or potentially allow attackers to exploit the kernel's behavior for privilege escalation or denial of service. The impact depends on whether untrusted BPF programs can trigger this condition on the affected system.