PT-2025-16688 · Linux+2 · Linux Kernel+2

Published

2025-03-30

Updated

2026-03-13

CVE-2025-22048

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, related to the LoongArch architecture and the Berkeley Packet Filter (BPF). The issue occurs when a subprogram's return value is overridden, causing a panic at the ld.bu instruction. This happens because the return value is sign-extended to the a0 register, which is then propagated back to the a5 register, expecting a zero-extended return value. The problem arises from the difference in handling return values between native calls and BPF-to-BPF calls.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unchecked Return Value

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-252

Related Identifiers

BDU:2026-03988

CVE-2025-22048

ECHO-7260-2C5D-ABF2

MGASA-2025-0142

MGASA-2025-0146

OESA-2025-1463

OESA-2025-1464

Affected Products

Astra Linux

Debian

Linux Kernel

PT-2025-16688 · Linux+2 · Linux Kernel+2

CVE-2025-22048

Weakness Enumeration

Related Identifiers

Affected Products

References · 66