PT-2025-29000 · Linux+5 · Linux Kernel+5
Syzkaller · Published 2025-05-26 · Updated 2026-04-20 · CVE-2025-38280
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions 6.15.0-rc4-syzkaller-00040-g8bac8898fe39
Description:
The Linux kernel contains a flaw within the bpf subsystem. Specifically, the issue arises when a bpf program is created and the fp->jit_requested variable depends on bpf_jit_enable. This occurs when CONFIG_BPF_JIT_ALWAYS_ON is not set and bpf_jit_enable is set to 1, causing the architecture to attempt JIT compilation of the program. If JIT compilation fails due to fault injection, the program is incorrectly treated as valid, leading to a call to the __bpf_prog_ret0_warn function and triggering a warning.
Recommendations:
Linux kernel version 6.15.0-rc4-syzkaller-00040-g8bac8898fe39: Ensure CONFIG_BPF_JIT_ALWAYS_ON is set, or if bpf_jit_enable is set to 1, verify that JIT compilation does not fail due to fault injection.
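A host check for the two settings named in the recommendation, as an added example that is not part of the original advisory: it reads a kernel build config and the bpf_jit_enable sysctl value and reports whether the described condition holds. The function name, the output labels and the /boot/config-* path are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify a host against the condition in this advisory.
# Inputs: path to a kernel build config (plain or .gz) and the value of the
# bpf_jit_enable sysctl. Prints one label and always returns 0.

classify_bpf_jit() {
    config_file=$1
    jit_enable=$2

    # No readable config means no verdict; do not guess.
    [ -r "$config_file" ] || { echo "unknown"; return 0; }

    case $config_file in
        *.gz) config_text=$(gzip -dc "$config_file") ;;
        *)    config_text=$(cat "$config_file") ;;
    esac

    # With CONFIG_BPF_JIT_ALWAYS_ON=y the condition in the description
    # (option not set) does not hold.
    if printf '%s\n' "$config_text" | grep -q '^CONFIG_BPF_JIT_ALWAYS_ON=y$'; then
        echo "jit-always-on"
        return 0
    fi

    case $jit_enable in
        0) echo "jit-disabled" ;;
        # 1 is the value named in the advisory; 2 also enables the JIT
        # (with debug output) per the kernel sysctl documentation.
        1|2) echo "matches-advisory-condition" ;;
        *) echo "unknown" ;;
    esac
    return 0
}

# Constructed sample config, for demonstration only.
sample_cfg=$(mktemp)
printf '%s\n' 'CONFIG_BPF=y' 'CONFIG_BPF_JIT=y' \
    '# CONFIG_BPF_JIT_ALWAYS_ON is not set' > "$sample_cfg"
classify_bpf_jit "$sample_cfg" 1    # matches-advisory-condition
rm -f "$sample_cfg"

# On a live host (config path is a distro convention, assumed here):
# classify_bpf_jit "/boot/config-$(uname -r)" "$(cat /proc/sys/net/core/bpf_jit_enable)"
```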
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Ubuntu