CVE-2025-38202
BaseFortify
Publication date: 2025-07-04
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.19 (inc) to 6.1.142 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.95 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.35 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.15.4 (exc) |
| debian | debian_linux | 11.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Linux kernel's bpf_map_lookup_percpu_elem() helper function used in sleepable BPF programs. When BPF JIT is disabled or on 32-bit hosts, this function is not inlined, which causes a warning because the BPF program only holds the rcu_read_lock_trace lock. The vulnerability was due to a missing check for rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem(), which has now been added to resolve the issue.
How can this vulnerability impact me? :
The vulnerability could lead to incorrect behavior or warnings in sleepable BPF programs using bpf_map_lookup_percpu_elem(), potentially causing stability or security issues in the Linux kernel when BPF JIT is disabled or on 32-bit hosts. This might affect systems relying on BPF for performance monitoring or security enforcement.