CVE-2025-38586

19.08.2025, 17:15

In the Linux kernel, the following vulnerability has been resolved:

bpf, arm64: Fix fp initialization for exception boundary

In the ARM64 BPF JIT when prog->aux->exception_boundary is set for a BPF
program, find_used_callee_regs() is not called because for a program
acting as exception boundary, all callee saved registers are saved.
find_used_callee_regs() sets `ctx->fp_used = true;` when it sees FP
being used in any of the instructions.

For programs acting as exception boundary, ctx->fp_used remains false
even if frame pointer is used by the program and therefore, FP is not
set-up for such programs in the prologue. This can cause the kernel to
crash due to a pagefault.

Fix it by setting ctx->fp_used = true for exception boundary programs as
fp is always saved in such programs.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 2%

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bookworm	6.1.137-1 not-affected
bullseye (security)	5.10.237-1 fixed
bookworm (security)	6.1.147-1 fixed
trixie (security)	vulnerable
forky	vulnerable
sid	vulnerable
trixie	vulnerable

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder andere nicht spezifizierte Angriffe durchzuführen.
Published: 2025-08-19T22:00:00+00:00

References

https://git.kernel.org/stable/c/0dbef493cae7d451f740558665893c000adb2321

https://git.kernel.org/stable/c/1ce30231e0a2c8c361ee5f8f7f265fc17130adce

https://git.kernel.org/stable/c/b114fcee766d5101eada1aca7bb5fd0a86c89b35

https://git.kernel.org/stable/c/e23184725dbb72d5d02940222eee36dbba2aa422