CVE-2025-38280
BaseFortify

Publication date: 2025-07-10

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

bpf: Avoid __bpf_prog_ret0_warn when jit fails

syzkaller reported an issue:

WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 __bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357
Modules linked in:
CPU: 3 UID: 0 PID: 217 Comm: kworker/u32:6 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39
RIP: 0010:__bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357
Call Trace:
 <TASK>
 bpf_dispatcher_nop_func include/linux/bpf.h:1316 [inline]
 __bpf_prog_run include/linux/filter.h:718 [inline]
 bpf_prog_run include/linux/filter.h:725 [inline]
 cls_bpf_classify+0x74a/0x1110 net/sched/cls_bpf.c:105
 ...

When creating bpf program, 'fp->jit_requested' depends on bpf_jit_enable. This issue is triggered because of CONFIG_BPF_JIT_ALWAYS_ON is not set and bpf_jit_enable is set to 1, causing the arch to attempt JIT the prog, but jit failed due to FAULT_INJECTION. As a result, incorrectly treats the program as valid, when the program runs it calls `__bpf_prog_ret0_warn` and triggers the WARN_ON_ONCE(1).
Meta Information
Published: 2025-07-10
Last Modified: 2025-12-18
Generated: 2026-05-07
AI Q&A: 2025-07-10
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 3 associated CPEs
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.16 (inc) to 6.1.142 (inc) |
| debian | debian_linux | 11.0 |
| linux | linux_kernel | 6.15.0-rc4 |
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's BPF (Berkeley Packet Filter) subsystem. When creating a BPF program, if the configuration option CONFIG_BPF_JIT_ALWAYS_ON is not set but bpf_jit_enable is set to 1, the system attempts to Just-In-Time (JIT) compile the BPF program. However, if the JIT compilation fails due to fault injection, the program is incorrectly treated as valid. When the program runs, it calls a warning function __bpf_prog_ret0_warn, which triggers a warning (WARN_ON_ONCE). This indicates improper handling of JIT failures leading to potential kernel warnings or instability.


How can this vulnerability impact me?

This vulnerability can cause kernel warnings and potentially instability or unexpected behavior when running BPF programs that fail JIT compilation. Since the program is incorrectly treated as valid despite JIT failure, it may lead to unexpected kernel warnings or errors, which could affect system reliability or performance.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring kernel logs for warnings related to `__bpf_prog_ret0_warn`. You can check the kernel log messages using the command: `dmesg | grep __bpf_prog_ret0_warn`. Additionally, monitoring for WARN_ON_ONCE(1) triggers related to BPF JIT failures may help identify the issue.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include ensuring that the kernel configuration option CONFIG_BPF_JIT_ALWAYS_ON is set, or disabling bpf_jit_enable to prevent the kernel from attempting to JIT compile BPF programs when it may fail. Applying the kernel patch that fixes this issue is also recommended.
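
The detection and mitigation checks from the two answers above, as an added shell example (not part of the original page or of the kernel project): it evaluates the two settings the description names and counts the warning in a saved kernel log. The function names and the sample data are constructed for illustration; treating any non-zero bpf_jit_enable as "JIT requested" is an assumption beyond the page's value of 1.

```shell
#!/bin/sh
# Added example: checks for the precondition and log symptom of CVE-2025-38280.
# Inputs are file paths and values, so saved artifacts work as well as a live host.

# Exit 0 if the kernel config file $1 has CONFIG_BPF_JIT_ALWAYS_ON=y.
jit_always_on() {
    grep -q '^CONFIG_BPF_JIT_ALWAYS_ON=y$' "$1"
}

# $1 = kernel config file, $2 = value of net.core.bpf_jit_enable.
# Prints "precondition-met" for the combination the description names
# (ALWAYS_ON not set, JIT enabled), otherwise the reason it does not apply.
jit_precondition() {
    if jit_always_on "$1"; then
        echo "always-on"
    elif [ "$2" = "0" ]; then
        echo "jit-disabled"
    else
        echo "precondition-met"   # assumption: any non-zero value requests JIT
    fi
}

# Count WARNING lines in kernel log file $1 that name __bpf_prog_ret0_warn.
# The RIP line of the same splat is not counted, so one splat counts once.
count_ret0_warn() {
    grep -c 'WARNING: .*__bpf_prog_ret0_warn' "$1" || true
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed samples: a config without ALWAYS_ON and a log excerpt in
    # the format quoted in the description.
    printf '%s\n' 'CONFIG_BPF_JIT=y' \
        '# CONFIG_BPF_JIT_ALWAYS_ON is not set' > "$tmp/config"
    printf '%s\n' \
        'WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 __bpf_prog_ret0_warn+0xa/0x20' \
        'RIP: 0010:__bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357' > "$tmp/kern.log"
    echo "state: $(jit_precondition "$tmp/config" 1)"
    echo "warnings: $(count_ret0_warn "$tmp/kern.log")"
    rm -rf "$tmp"
}
demo
# On a live host (config path varies by distribution):
#   jit_precondition "/boot/config-$(uname -r)" "$(cat /proc/sys/net/core/bpf_jit_enable)"
#   dmesg > /tmp/kern.log && count_ret0_warn /tmp/kern.log
```

A "precondition-met" result only says the settings match the ones in the description; whether the running kernel carries the fix still has to be checked against the vendor's patched versions.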

