CVE-2025-38202 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() bpf_map_lookup_percpu_elem() helper is also available for sleepable bpf program. When BPF JIT is disabled or under 32-bit host, bpf_map_lookup_percpu_elem() will not be inlined. Using it in a sleepable bpf program will trigger the warning in bpf_map_lookup_percpu_elem(), because the bpf program only holds rcu_read_lock_trace lock. Therefore, add the missed check.

PUBLISHED Reserved 2025-04-16 | Published 2025-07-04 | Updated 2025-11-03 | Assigner Linux

Product status

Default status

unaffected

07343110b293456d30393e89b86c4dee1ac051c8 (git) before 2f8c69a72e8ad87b36b8052f789da3cc2b2e186c

affected

07343110b293456d30393e89b86c4dee1ac051c8 (git) before 7bf4461f1c97207fda757014690d55a447ce859f

affected

07343110b293456d30393e89b86c4dee1ac051c8 (git) before 2d834477bbc1e8b8a59ff8b0c081529d6bed7b22

affected

07343110b293456d30393e89b86c4dee1ac051c8 (git) before b522d4d334f206284b1a44b0b0b2f99fd443b39b

affected

07343110b293456d30393e89b86c4dee1ac051c8 (git) before d4965578267e2e81f67c86e2608481e77e9c8569

affected

Default status

affected

5.19

affected

Any version before 5.19

unaffected

6.1.142 (semver)

unaffected

6.6.95 (semver)

unaffected

6.12.35 (semver)

unaffected

6.15.4 (semver)

unaffected

6.16 (original_commit_for_fix)

unaffected

References

lists.debian.org/debian-lts-announce/2025/10/msg00008.html

git.kernel.org/...c/2f8c69a72e8ad87b36b8052f789da3cc2b2e186c

git.kernel.org/...c/7bf4461f1c97207fda757014690d55a447ce859f

git.kernel.org/...c/2d834477bbc1e8b8a59ff8b0c081529d6bed7b22

git.kernel.org/...c/b522d4d334f206284b1a44b0b0b2f99fd443b39b

git.kernel.org/...c/d4965578267e2e81f67c86e2608481e77e9c8569

cve.org (CVE-2025-38202)

nvd.nist.gov (CVE-2025-38202)

Download JSON

help @ threatint.eu