CVE-2025-39990 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Check the helper function is valid in get_helper_proto kernel test robot reported verifier bug [1] where the helper func pointer could be NULL due to disabled config option. As Alexei suggested we could check on that in get_helper_proto directly. Marking tail_call helper func with BPF_PTR_POISON, because it is unused by design. [1] https://lore.kernel.org/oe-lkp/202507160818.68358831-lkp@intel.com

PUBLISHED Reserved 2025-04-16 | Published 2025-10-15 | Updated 2025-10-15 | Assigner Linux

Product status

Default status

unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 3d429cb1278e995e22995ef117fa96d223a67e93

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 6233715b4b714068d6c831d214a4e8792109875a

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before e4414b01c1cd9887bbde92f946c1ba94e40d6d64

affected

Default status

affected

6.12.50

unaffected

6.16.10

unaffected

6.17

unaffected

References

git.kernel.org/...c/3d429cb1278e995e22995ef117fa96d223a67e93

git.kernel.org/...c/6233715b4b714068d6c831d214a4e8792109875a

git.kernel.org/...c/e4414b01c1cd9887bbde92f946c1ba94e40d6d64

cve.org (CVE-2025-39990)

nvd.nist.gov (CVE-2025-39990)

Download JSON