| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025071009-CVE-2025-38280-86b4@gregkh> Date: Thu, 10 Jul 2025 09:42:21 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38280: bpf: Avoid __bpf_prog_ret0_warn when jit fails From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid __bpf_prog_ret0_warn when jit fails syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 __bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357 Modules linked in: CPU: 3 UID: 0 PID: 217 Comm: kworker/u32:6 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 RIP: 0010:__bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357 Call Trace: <TASK> bpf_dispatcher_nop_func include/linux/bpf.h:1316 [inline] __bpf_prog_run include/linux/filter.h:718 [inline] bpf_prog_run include/linux/filter.h:725 [inline] cls_bpf_classify+0x74a/0x1110 net/sched/cls_bpf.c:105 ... When creating bpf program, 'fp->jit_requested' depends on bpf_jit_enable. This issue is triggered because of CONFIG_BPF_JIT_ALWAYS_ON is not set and bpf_jit_enable is set to 1, causing the arch to attempt JIT the prog, but jit failed due to FAULT_INJECTION. As a result, incorrectly treats the program as valid, when the program runs it calls `__bpf_prog_ret0_warn` and triggers the WARN_ON_ONCE(1). The Linux kernel CVE team has assigned CVE-2025-38280 to this issue. Affected and fixed versions =========================== Issue introduced in 4.16 with commit fa9dd599b4dae841924b022768354cfde9affecb and fixed in 5.15.186 with commit e7fb4ebee6e900899d2b2e5852c3e2eafcbcad66 Issue introduced in 4.16 with commit fa9dd599b4dae841924b022768354cfde9affecb and fixed in 6.1.142 with commit ef92b96530d1731d9ac167bc7c193c683cd78fff Issue introduced in 4.16 with commit fa9dd599b4dae841924b022768354cfde9affecb and fixed in 6.6.94 with commit 6f639c25bfad17d9fd7379ab91ff9678ea9aac85 Issue introduced in 4.16 with commit fa9dd599b4dae841924b022768354cfde9affecb and fixed in 6.12.34 with commit 2bc6dffb4b72d53d6a6ada510269bf548c3f7ae0 Issue introduced in 4.16 with commit fa9dd599b4dae841924b022768354cfde9affecb and fixed in 6.15.3 with commit 0b9bb52796b239de6792d0d68cdc6eb505ebff96 Issue introduced in 4.16 with commit fa9dd599b4dae841924b022768354cfde9affecb and fixed in 6.16-rc1 with commit 86bc9c742426a16b52a10ef61f5b721aecca2344 Issue introduced in 4.9.190 with commit 5124abda3060e2eab506fb14a27acadee3c3e396 Issue introduced in 4.14.140 with commit 234646dcfc5f531c74ab20595e89eacd62e3611f Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38280 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: kernel/bpf/core.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/e7fb4ebee6e900899d2b2e5852c3e2eafcbcad66 https://git.kernel.org/stable/c/ef92b96530d1731d9ac167bc7c193c683cd78fff https://git.kernel.org/stable/c/6f639c25bfad17d9fd7379ab91ff9678ea9aac85 https://git.kernel.org/stable/c/2bc6dffb4b72d53d6a6ada510269bf548c3f7ae0 https://git.kernel.org/stable/c/0b9bb52796b239de6792d0d68cdc6eb505ebff96 https://git.kernel.org/stable/c/86bc9c742426a16b52a10ef61f5b721aecca2344
Powered by blists - more mailing lists