5.5 CVE-2025-38607

Enriched by CISA Patch
 

In the Linux kernel, the following vulnerability has been resolved: bpf: handle jset (if a & b ...) as a jump in CFG computation BPF_JSET is a conditional jump and currently verifier.c:can_jump() does not know about that. This can lead to incorrect live registers and SCC computation. E.g. in the following example: 1: r0 = 1; 2: r2 = 2; 3: if r1 & 0x7 goto +1; 4: exit; 5: r0 = r2; 6: exit; W/o this fix insn_successors(3) will return only (4), a jump to (5) would be missed and r2 won't be marked as alive at (3).
https://nvd.nist.gov/vuln/detail/CVE-2025-38607

Categories

CWE-NVD-noinfo

References


 

AFFECTED (from MITRE)

Vendor Product Versions
Linux Linux
  • 14c8552db64476ffc27c13dc6652fc0dac31c0ba < 65eb166b8636365ad3d6e36d50a7c5edfe6cc66e [affected]
  • 14c8552db64476ffc27c13dc6652fc0dac31c0ba < 261b30ad1516f4b9edd500aa6e8d6315c8fc109a [affected]
  • 14c8552db64476ffc27c13dc6652fc0dac31c0ba < 3157f7e2999616ac91f4d559a8566214f74000a5 [affected]
Linux Linux
  • 6.15 [affected]
  • < 6.15 [unaffected]
  • 6.15.10 ≤ 6.15.* [unaffected]
  • 6.16.1 ≤ 6.16.* [unaffected]
  • 6.17 ≤ * [unaffected]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe start end
Configuration 1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 6.15 < 6.15.10
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 6.16 < 6.16.1

REMEDIATION

Patch

Url
https://git.kernel.org/stable/c/261b30ad1516f4b9edd500aa6e8d6315c8fc109a
https://git.kernel.org/stable/c/3157f7e2999616ac91f4d559a8566214f74000a5
https://git.kernel.org/stable/c/65eb166b8636365ad3d6e36d50a7c5edfe6cc66e

EXPLOITS

Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits

CAPEC

Common Attack Pattern Enumerations and Classifications

id description severity
No entry