CVE-2025-38528
BaseFortify
Publication date: 2025-08-16
Last updated on: 2025-11-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.1.153-1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Linux kernel's BPF (Berkeley Packet Filter) subsystem where a specific format string "%p%" used in bprintf-like helper functions is not properly rejected. The BPF program using this format string causes a kernel warning at runtime because the format string processing incorrectly skips over the second '%' character, treating it as punctuation. This leads to an unsupported format string being processed, which triggers a kernel warning. The vulnerability is fixed by changing the processing to not skip punctuation, allowing the unsupported format string to be detected and rejected.
How can this vulnerability impact me? :
This vulnerability can cause kernel warnings and potentially unstable behavior when BPF programs use unsupported format strings like "%p%". While it does not explicitly mention exploitation or security breaches, improper handling of format strings in kernel code can lead to unexpected kernel behavior or crashes, which may affect system stability and reliability.