PT-2025-31085 · Linux+5 · Linux Kernel+5

Published

2025-07-16

·

Updated

2026-04-20

·

CVE-2025-38489

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A flaw exists in the Linux kernel related to the bpf arch text poke() function within the s390/bpf subsystem. A previous fix, introduced by commit c730fce7c70c, was inadvertently removed by commit 7ded842b356d, leading to potential kernel panics, such as those observed in perf’s on switch() program. The issue arises when new addr is NULL within the bpf arch text poke() function.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Improper Resource Release

Weakness Enumeration

CWE-476CWE-404

Related Identifiers

BDU:2025-13515
CVE-2025-38489
DSA-5975-1
MGASA-2025-0218
MGASA-2025-0219
OESA-2026-1303
OESA-2026-1304
OESA-2026-1339
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-7879-1
USN-7879-2
USN-7879-3
USN-7879-4
USN-7880-1
USN-7934-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu