CVE-2025-38586
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-19

Last updated on: 2025-11-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix fp initialization for exception boundary In the ARM64 BPF JIT when prog->aux->exception_boundary is set for a BPF program, find_used_callee_regs() is not called because for a program acting as exception boundary, all callee saved registers are saved. find_used_callee_regs() sets `ctx->fp_used = true;` when it sees FP being used in any of the instructions. For programs acting as exception boundary, ctx->fp_used remains false even if frame pointer is used by the program and therefore, FP is not set-up for such programs in the prologue. This can cause the kernel to crash due to a pagefault. Fix it by setting ctx->fp_used = true for exception boundary programs as fp is always saved in such programs.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-19
Last Modified
2025-11-26
Generated
2026-05-27
AI Q&A
2025-08-19
EPSS Evaluated
2026-05-25
NVD
CVE-2025-38586
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's ARM64 BPF JIT compiler. When a BPF program is marked as an exception boundary, the function find_used_callee_regs() is not called, which normally detects if the frame pointer (FP) is used. Because of this, the kernel does not set up the FP properly in the program's prologue, even if the FP is used. This improper setup can cause the kernel to crash due to a page fault. The fix involves explicitly setting the FP usage flag for exception boundary programs since the FP is always saved in such cases.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash due to a page fault when running certain BPF programs on ARM64 architectures. Such crashes can lead to system instability, potential denial of service, and disruption of services relying on the kernel.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart