CVE-2025-22087

EUVD-2025-11201
In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix array bounds error with may_goto

may_goto uses an additional 8 bytes on the stack, which causes the
interpreters[] array to go out of bounds when calculating index by
stack_size.

1. If a BPF program is rewritten, re-evaluate the stack size. For non-JIT
cases, reject loading directly.

2. For non-JIT cases, calculating interpreters[idx] may still cause
out-of-bounds array access, and just warn about it.

3. For jit_requested cases, the execution of bpf_func also needs to be
warned. So move the definition of function __bpf_prog_ret0_warn out of
the macro definition CONFIG_BPF_JIT_ALWAYS_ON.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
6.9 ≤
𝑥
< 6.12.23
linuxlinux_kernel
6.13 ≤
𝑥
< 6.13.11
linuxlinux_kernel
6.14 ≤
𝑥
< 6.14.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.174-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.257-1
fixed
forky
7.0.9-1
fixed
sid
7.0.10-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.90-2
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
kernel
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-64k
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-64k-core
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-64k-debug
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-64k-debug-core
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-64k-debug-devel
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-64k-debug-devel-matched
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-64k-debug-modules
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-64k-debug-modules-core
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-64k-debug-modules-extra
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-64k-devel
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-64k-devel-matched
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-64k-modules
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-64k-modules-core
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-64k-modules-extra
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-abi-stablelists
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-core
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-debug
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-debug-core
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-debug-devel
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-debug-devel-matched
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-debug-modules
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-debug-modules-core
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-debug-modules-extra
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-debug-uki-virt
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-devel
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-devel-matched
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-doc
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-modules
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-modules-core
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-modules-extra
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-64k
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-64k-core
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-64k-debug
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-64k-debug-core
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-64k-debug-devel
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-64k-debug-modules
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-64k-debug-modules-core
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-64k-debug-modules-extra
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-64k-devel
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-64k-modules
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-64k-modules-core
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-64k-modules-extra
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-core
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-debug
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-debug-core
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-debug-devel
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-debug-kvm
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-debug-modules
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-debug-modules-core
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-debug-modules-extra
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-devel
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-kvm
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-modules
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-modules-core
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-rt-modules-extra
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-tools
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-tools-libs
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-tools-libs-devel
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-uki-virt
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-uki-virt-addons
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-zfcpdump
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-zfcpdump-core
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-zfcpdump-devel
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-zfcpdump-devel-matched
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-zfcpdump-modules
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-zfcpdump-modules-core
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
kernel-zfcpdump-modules-extra
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
libperf
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
perf
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
python3-perf
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
rtla
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
rv
RHEL 9
0:5.14.0-570.12.1.el9_6
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/19e6817f84000d0b06f09fd69ebd56217842c122
https://git.kernel.org/stable/c/1a86ae57b2600e5749f5f674e9d4296ac00c69a8
https://git.kernel.org/stable/c/4524b7febdd55fb99ae2e1f48db64019fa69e643
https://git.kernel.org/stable/c/6ebc5030e0c5a698f1dd9a6684cddf6ccaed64a0