CVE-2025-22087

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix array bounds error with may_goto may_goto uses an additional 8 bytes on the stack, which causes the interpreters[] array to go out of bounds when calculating index by stack_size. 1. If a BPF program is rewritten, re-evaluate the stack size. For non-JIT cases, reject loading directly. 2. For non-JIT cases, calculating interpreters[idx] may still cause out-of-bounds array access, and just warn about it. 3. For jit_requested cases, the execution of bpf_func also needs to be warned. So move the definition of function __bpf_prog_ret0_warn out of the macro definition CONFIG_BPF_JIT_ALWAYS_ON.

Reserved 2024-12-29 | Published 2025-04-16 | Updated 2025-04-16 | Assigner Linux

Product status

Default status
unaffected

011832b97b311bb9e3c27945bc0d1089a14209c9 before 19e6817f84000d0b06f09fd69ebd56217842c122
affected

011832b97b311bb9e3c27945bc0d1089a14209c9 before 4524b7febdd55fb99ae2e1f48db64019fa69e643
affected

011832b97b311bb9e3c27945bc0d1089a14209c9 before 1a86ae57b2600e5749f5f674e9d4296ac00c69a8
affected

011832b97b311bb9e3c27945bc0d1089a14209c9 before 6ebc5030e0c5a698f1dd9a6684cddf6ccaed64a0
affected

Default status
affected

6.9
affected

Any version before 6.9
unaffected

6.12.23
unaffected

6.13.11
unaffected

6.14.2
unaffected

6.15-rc1
unaffected

References

git.kernel.org/...c/19e6817f84000d0b06f09fd69ebd56217842c122

git.kernel.org/...c/4524b7febdd55fb99ae2e1f48db64019fa69e643

git.kernel.org/...c/1a86ae57b2600e5749f5f674e9d4296ac00c69a8

git.kernel.org/...c/6ebc5030e0c5a698f1dd9a6684cddf6ccaed64a0

cve.org (CVE-2025-22087)

nvd.nist.gov (CVE-2025-22087)

Download JSON