CVE-2025-68216
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-16

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Disable trampoline for kernel module function trace The current LoongArch BPF trampoline implementation is incompatible with tracing functions in kernel modules. This causes several severe and user-visible problems: * The `bpf_selftests/module_attach` test fails consistently. * Kernel lockup when a BPF program is attached to a module function [1]. * Critical kernel modules like WireGuard experience traffic disruption when their functions are traced with fentry [2]. Given the severity and the potential for other unknown side-effects, it is safest to disable the feature entirely for now. This patch prevents the BPF subsystem from allowing trampoline attachments to kernel module functions on LoongArch. This is a temporary mitigation until the core issues in the trampoline code for kernel module handling can be identified and fixed. [root@fedora bpf]# ./test_progs -a module_attach -v bpf_testmod.ko is already unloaded. Loading bpf_testmod.ko... Successfully loaded bpf_testmod.ko. test_module_attach:PASS:skel_open 0 nsec test_module_attach:PASS:set_attach_target 0 nsec test_module_attach:PASS:set_attach_target_explicit 0 nsec test_module_attach:PASS:skel_load 0 nsec libbpf: prog 'handle_fentry': failed to attach: -ENOTSUPP libbpf: prog 'handle_fentry': failed to auto-attach: -ENOTSUPP test_module_attach:FAIL:skel_attach skeleton attach failed: -524 Summary: 0/0 PASSED, 0 SKIPPED, 1 FAILED Successfully unloaded bpf_testmod.ko. [1]: https://lore.kernel.org/loongarch/CAK3+h2wDmpC-hP4u4pJY8T-yfKyk4yRzpu2LMO+C13FMT58oqQ@mail.gmail.com/ [2]: https://lore.kernel.org/loongarch/CAK3+h2wYcpc+OwdLDUBvg2rF9rvvyc5amfHT-KcFaK93uoELPg@mail.gmail.com/
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2025-12-18
Generated
2026-05-07
AI Q&A
2025-12-16
EPSS Evaluated
2026-05-05
NVD
CVE-2025-68216
EUVD
EUVD-2025-203680
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability affects the LoongArch architecture in the Linux kernel's BPF (Berkeley Packet Filter) trampoline implementation. The trampoline feature, which is used for tracing kernel module functions, is incompatible with kernel modules on LoongArch. This incompatibility causes severe issues such as test failures, kernel lockups when attaching BPF programs to module functions, and disruption of critical kernel modules like WireGuard when their functions are traced. To mitigate these problems, the feature has been disabled temporarily until a proper fix is developed.


How can this vulnerability impact me? :

If you are using the LoongArch architecture with the Linux kernel, this vulnerability can cause serious problems including kernel lockups when BPF programs are attached to kernel module functions, failure of BPF self-tests, and disruption of important kernel modules such as WireGuard, which may lead to network traffic interruptions. These issues can affect system stability and the functionality of critical services relying on kernel modules.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by running the BPF selftests, specifically the module_attach test, which fails consistently if the vulnerability is present. You can use the command: ./test_progs -a module_attach -v. The test output will show failures such as 'libbpf: prog 'handle_fentry': failed to attach: -ENOTSUPP' and 'test_module_attach:FAIL:skel_attach skeleton attach failed: -524', indicating the presence of the issue.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation is to disable the BPF trampoline feature for kernel module function tracing on LoongArch architectures. This is the approach taken by the patch that prevents the BPF subsystem from allowing trampoline attachments to kernel module functions. Until a proper fix is implemented, disabling this feature avoids kernel lockups and traffic disruptions in critical modules like WireGuard.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart