CVE-2025-38060

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved. The issue is related to the bpf verifier, where the copy verifier state() function should copy the loop entry field. If not copied, loop entry values from unrelated states could affect the env->cur state. Additionally, env->stack should not contain states with loop entry not equal to NULL. The fix has a verification performance impact for selftests, with significant negative impact for sched ext.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-371

Related Identifiers

AZL-63989

BDU:2026-03083

CVE-2025-38060

ECHO-4457-FD88-1E10

OESA-2025-1729

OESA-2025-1730

OESA-2025-1870

SUSE-SU-2025:02249-1

SUSE-SU-2025:02254-1

SUSE-SU-2025:02264-1

SUSE-SU-2025:02307-1

SUSE-SU-2025:02321-1

SUSE-SU-2025:02333-1

SUSE-SU-2025:02335-1

SUSE-SU-2025:02538-1

SUSE-SU-2025:02923-1

SUSE-SU-2025:20475-1

SUSE-SU-2025:20483-1

SUSE-SU-2025:20493-1

SUSE-SU-2025:20498-1

SUSE-SU-2025:2264-1

SUSE-SU-2025_02249-1

SUSE-SU-2025_02254-1

SUSE-SU-2025_02264-1

SUSE-SU-2025_02307-1

SUSE-SU-2025_02333-1

SUSE-SU-2025_02335-1

SUSE-SU-2025_02538-1

USN-7769-1

USN-7769-2

USN-7769-3

USN-7770-1

USN-7771-1

USN-7789-1

USN-7789-2

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Suse

Ubuntu

CVE-2025-38060

Weakness Enumeration

Related Identifiers

Affected Products

References · 3002