LoongArch: BPF: Fix jump offset calculation in tailcall
Summary
| CVE | CVE-2025-38723 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2025-09-04 16:15:42 UTC |
| Updated | 2026-05-12 13:17:02 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Fix jump offset calculation in tailcall The extra pass of bpf_int_jit_compile() skips JIT context initialization which essentially skips offset calculation leaving out_offset = -1, so the jmp_offset in emit_bpf_tail_call is calculated by "#define jmp_offset (out_offset - (cur_offset))" is a negative number, which is wrong. The final generated assembly are as follow. 54: bgeu $a2, $t1, -8 # 0x0000004c 58: addi.d $a6, $s5, -1 5c: bltz $a6, -16 # 0x0000004c 60: alsl.d $t2, $a2, $a1, 0x3 64: ld.d $t2, $t2, 264 68: beq $t2, $zero, -28 # 0x0000004c Before apply this patch, the follow test case will reveal soft lock issues. cd tools/testing/selftests/bpf/ ./test_progs --allow=tailcalls/tailcall_bpf2bpf_1 dmesg: watchdog: BUG: soft lockup - CPU#2 stuck for 26s! [test_progs:25056] |
Risk And Classification
Primary CVSS: v3.1 5.5 MEDIUM from [email protected]
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Problem Types: NVD-CWE-noinfo
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
NoneIntegrity
NoneAvailability
HighCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Linux | Linux Kernel | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected 5dc615520c4dfb358245680f1904bad61116648e 1a782fa32e644aa9fbae6c8488f3e61221ac96e1 git | Not specified |
| CNA | Linux | Linux | affected 5dc615520c4dfb358245680f1904bad61116648e 17c010fe45def335fe03a0718935416b04c7f349 git | Not specified |
| CNA | Linux | Linux | affected 5dc615520c4dfb358245680f1904bad61116648e f83d469e16bb1f75991ca67c56786fb2aaa42bea git | Not specified |
| CNA | Linux | Linux | affected 5dc615520c4dfb358245680f1904bad61116648e f2b5e50cc04d7a049b385bc1c93b9cbf5f10c94f git | Not specified |
| CNA | Linux | Linux | affected 5dc615520c4dfb358245680f1904bad61116648e 9262e3e04621558e875eb5afb5e726b648cd5949 git | Not specified |
| CNA | Linux | Linux | affected 5dc615520c4dfb358245680f1904bad61116648e cd39d9e6b7e4c58fa77783e7aedf7ada51d02ea3 git | Not specified |
| CNA | Linux | Linux | affected 6.1 | Not specified |
| CNA | Linux | Linux | unaffected 6.1 semver | Not specified |
| CNA | Linux | Linux | unaffected 6.1.149 6.1.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.6.103 6.6.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.12.43 6.12.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.15.11 6.15.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.16.2 6.16.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.17 * original_commit_for_fix | Not specified |
| ADP | Siemens | SIMATIC CN 4100 | affected V5.0 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/1a782fa32e644aa9fbae6c8488f3e61221ac96e1 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| lists.debian.org/debian-lts-announce/2025/10/msg00008.html | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | Mailing List, Third Party Advisory |
| git.kernel.org/stable/c/cd39d9e6b7e4c58fa77783e7aedf7ada51d02ea3 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/9262e3e04621558e875eb5afb5e726b648cd5949 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/17c010fe45def335fe03a0718935416b04c7f349 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| cert-portal.siemens.com/productcert/html/ssa-032379.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| git.kernel.org/stable/c/f83d469e16bb1f75991ca67c56786fb2aaa42bea | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/f2b5e50cc04d7a049b385bc1c93b9cbf5f10c94f | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.