CVE-2025-37893
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/04/2025
Last modified:
01/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
LoongArch: BPF: Fix off-by-one error in build_prologue()<br />
<br />
Vincent reported that running BPF progs with tailcalls on LoongArch<br />
causes kernel hard lockup. Debugging the issues shows that the JITed<br />
image missing a jirl instruction at the end of the epilogue.<br />
<br />
There are two passes in JIT compiling, the first pass set the flags and<br />
the second pass generates JIT code based on those flags. With BPF progs<br />
mixing bpf2bpf and tailcalls, build_prologue() generates N insns in the<br />
first pass and then generates N+1 insns in the second pass. This makes<br />
epilogue_offset off by one and we will jump to some unexpected insn and<br />
cause lockup. Fix this by inserting a nop insn.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1 (including) | 6.1.134 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.87 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.23 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.13.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.14 (including) | 6.14.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/205a2182c51ffebaef54d643e3745e720cded08b
- https://git.kernel.org/stable/c/48b904de2408af5f936f0e03f48dfcddeab58aa0
- https://git.kernel.org/stable/c/7e2586991e36663c9bc48c828b83eab180ad30a9
- https://git.kernel.org/stable/c/b3ffad2f02db4aace6799fe0049508b8925eae45
- https://git.kernel.org/stable/c/c74d95a5679741ef428974ab788f5b0758dc78ae