CVE-2025-38607
BaseFortify
Publication date: 2025-08-19
Last updated on: 2025-11-26
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's BPF (Berkeley Packet Filter) verifier. The issue is that the verifier does not correctly handle the BPF_JSET instruction, which is a conditional jump based on a bitwise AND operation. Because the verifier's function can_jump() does not recognize BPF_JSET as a jump, it can miss certain jump paths in the control flow graph (CFG). This leads to incorrect computation of live registers and SCC (Strongly Connected Components), potentially causing the verifier to incorrectly analyze the program's behavior.
How can this vulnerability impact me?
This vulnerability can cause the BPF verifier to incorrectly analyze BPF programs by missing certain jump paths. As a result, it may fail to mark some registers as live when they actually are, which could lead to incorrect program verification. This might allow malformed or malicious BPF programs to be accepted by the kernel, potentially leading to unexpected behavior or security issues within the kernel or applications relying on BPF.
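The effect described in the two answers above can be reproduced in a toy model. The following is an added example, not kernel code: a backward liveness pass over a constructed six-instruction program, run once with a jump classifier that omits BPF_JSET and once with one that includes it. The `struct insn` layout, the `with_jset` flag, `prog` and `live_in()` are assumptions made for the illustration; only the opcode values match the kernel's uapi headers.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Jump opcode values as in the kernel's uapi BPF headers. */
enum { OP_JA = 0x00, OP_JEQ = 0x10, OP_JSET = 0x40, OP_EXIT = 0x90 };
#define R(n) (1u << (n))
struct insn { bool jmp; uint8_t op; uint16_t use, def; int off; }; /* toy form */

/* Simplified stand-in for can_jump(); with_jset=false models the flaw. */
static bool can_jump(uint8_t op, bool with_jset)
{
    if (op == OP_JSET)
        return with_jset;
    return op == OP_JA || op == OP_JEQ;
}

/* Constructed program: the r6 set at insn 0 is read only if the JSET is taken. */
static const struct insn prog[] = {
    { false, 0,       0,    R(6), 0 }, /* 0: r6 = 5                */
    { false, 0,       0,    R(0), 0 }, /* 1: r0 = 0                */
    { true,  OP_JSET, R(1), 0,    1 }, /* 2: if r1 & 1 goto insn 4 */
    { false, 0,       0,    R(6), 0 }, /* 3: r6 = 7                */
    { false, 0,       R(6), R(0), 0 }, /* 4: r0 = r6               */
    { true,  OP_EXIT, R(0), 0,    0 }, /* 5: exit                  */
};
#define N ((int)(sizeof(prog) / sizeof(prog[0])))

/* Backward liveness to a fixpoint; returns the live-in register mask of insn idx. */
static uint16_t live_in(int idx, bool with_jset)
{
    uint16_t in[N] = { 0 };
    for (bool changed = true; changed; ) {
        changed = false;
        for (int i = N - 1; i >= 0; i--) {
            const struct insn *p = &prog[i];
            bool falls = i + 1 < N && !(p->jmp && (p->op == OP_EXIT || p->op == OP_JA));
            bool jumps = p->jmp && can_jump(p->op, with_jset); /* CFG jump edge */
            uint16_t out = (falls ? in[i + 1] : 0) | (jumps ? in[i + 1 + p->off] : 0);
            uint16_t v = (uint16_t)(p->use | (out & ~p->def));
            if (v != in[i]) { in[i] = v; changed = true; }
        }
    }
    return in[idx];
}

int main(void)
{
    printf("r6 live into insn 1: JSET edge missed=%d, seen=%d\n",
           !!(live_in(1, false) & R(6)), !!(live_in(1, true) & R(6)));
    return 0;
}
```

With the JSET edge missing, the analysis sees only the fall-through path, where r6 is overwritten at instruction 3, so it reports r6 as dead after instruction 0 even though the taken branch reads it.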