CVE-2025-38607 in Linuxالمعلومات

الملخص

بحسب MITRE • 19/08/2025

In the Linux kernel, the following vulnerability has been resolved:

bpf: handle jset (if a & b ...) as a jump in CFG computation

BPF_JSET is a conditional jump and currently verifier.c:can_jump() does not know about that. This can lead to incorrect live registers and SCC computation.

E.g. in the following example:

1: r0 = 1; 2: r2 = 2; 3: if r1 & 0x7 goto +1; 4: exit; 5: r0 = r2; 6: exit;

W/o this fix insn_successors(3) will return only (4), a jump to (5) would be missed and r2 won't be marked as alive at (3).

If you want to get best quality of vulnerability data, you may have to visit VulDB.

مسؤول

Linux

حجز

16/04/2025

إفشاء

19/08/2025

الاعتدال

تمت الموافقة

إدخال

VDB-320631

EPSS

0.00134

KEV

لا

النشاطات

منخفض جدًا

المصادر

Do you know our Splunk app?

Download it now for free!