CVE-2025-38723
Published: Sep 4, 2025
Modified: May 12, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Fix jump offset calculation in tailcall The extra pass of bpf_int_jit_compile() skips JIT context initialization which essentially skips offset calculation leaving out_offset = -1, so the jmp_offset in emit_bpf_tail_call is calculated by "#define jmp_offset (out_offset - (cur_offset))" is a negative number, which is wrong. The final generated assembly are as follow. 54: bgeu $a2, $t1, -8 # 0x0000004c 58: addi.d $a6, $s5, -1 5c: bltz $a6, -16 # 0x0000004c 60: alsl.d $t2, $a2, $a1, 0x3 64: ld.d $t2, $t2, 264 68: beq $t2, $zero, -28 # 0x0000004c Before apply this patch, the follow test case will reveal soft lock issues. cd tools/testing/selftests/bpf/ ./test_progs --allow=tailcalls/tailcall_bpf2bpf_1 dmesg: watchdog: BUG: soft lockup - CPU#2 stuck for 26s! [test_progs:25056]
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 5dc615520c4dfb358245680f1904bad61116648e - < 1a782fa32e644aa9fbae6c8488f3e61221ac96e1affected 5dc615520c4dfb358245680f1904bad61116648e - < 17c010fe45def335fe03a0718935416b04c7f349affected 5dc615520c4dfb358245680f1904bad61116648e - < f83d469e16bb1f75991ca67c56786fb2aaa42beaaffected 5dc615520c4dfb358245680f1904bad61116648e - < f2b5e50cc04d7a049b385bc1c93b9cbf5f10c94faffected 5dc615520c4dfb358245680f1904bad61116648e - < 9262e3e04621558e875eb5afb5e726b648cd5949+1 more versions |
Linux | Linux | affected 6.1unaffected 0 - < 6.1unaffected 6.1.149 - <= 6.1.*unaffected 6.6.103 - <= 6.6.*unaffected 6.12.43 - <= 6.12.*+3 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now