cvelistv5 - cve-2025-38607

CVE-2025-38607 (GCVE-0-2025-38607)

Vulnerability from cvelistv5

Published

2025-08-19 17:03

Modified

2025-08-19 17:03

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf: handle jset (if a & b ...) as a jump in CFG computation BPF_JSET is a conditional jump and currently verifier.c:can_jump() does not know about that. This can lead to incorrect live registers and SCC computation. E.g. in the following example: 1: r0 = 1; 2: r2 = 2; 3: if r1 & 0x7 goto +1; 4: exit; 5: r0 = r2; 6: exit; W/o this fix insn_successors(3) will return only (4), a jump to (5) would be missed and r2 won't be marked as alive at (3).

References

▼	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/261b30ad1516f4b9edd500aa6e8d6315c8fc109a
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/3157f7e2999616ac91f4d559a8566214f74000a5
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/65eb166b8636365ad3d6e36d50a7c5edfe6cc66e

Impacted products

Vendor

Product

Version

▼

Linux

Version: 14c8552db64476ffc27c13dc6652fc0dac31c0ba
Version: 14c8552db64476ffc27c13dc6652fc0dac31c0ba
Version: 14c8552db64476ffc27c13dc6652fc0dac31c0ba

Linux

Version: 6.15

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/verifier.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "65eb166b8636365ad3d6e36d50a7c5edfe6cc66e",
              "status": "affected",
              "version": "14c8552db64476ffc27c13dc6652fc0dac31c0ba",
              "versionType": "git"
            },
            {
              "lessThan": "261b30ad1516f4b9edd500aa6e8d6315c8fc109a",
              "status": "affected",
              "version": "14c8552db64476ffc27c13dc6652fc0dac31c0ba",
              "versionType": "git"
            },
            {
              "lessThan": "3157f7e2999616ac91f4d559a8566214f74000a5",
              "status": "affected",
              "version": "14c8552db64476ffc27c13dc6652fc0dac31c0ba",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/verifier.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.15"
            },
            {
              "lessThan": "6.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.10",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.1",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17-rc1",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: handle jset (if a \u0026 b ...) as a jump in CFG computation\n\nBPF_JSET is a conditional jump and currently verifier.c:can_jump()\ndoes not know about that. This can lead to incorrect live registers\nand SCC computation.\n\nE.g. in the following example:\n\n   1: r0 = 1;\n   2: r2 = 2;\n   3: if r1 \u0026 0x7 goto +1;\n   4: exit;\n   5: r0 = r2;\n   6: exit;\n\nW/o this fix insn_successors(3) will return only (4), a jump to (5)\nwould be missed and r2 won\u0027t be marked as alive at (3)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-19T17:03:50.947Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/65eb166b8636365ad3d6e36d50a7c5edfe6cc66e"
        },
        {
          "url": "https://git.kernel.org/stable/c/261b30ad1516f4b9edd500aa6e8d6315c8fc109a"
        },
        {
          "url": "https://git.kernel.org/stable/c/3157f7e2999616ac91f4d559a8566214f74000a5"
        }
      ],
      "title": "bpf: handle jset (if a \u0026 b ...) as a jump in CFG computation",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38607",
    "datePublished": "2025-08-19T17:03:50.947Z",
    "dateReserved": "2025-04-16T04:51:24.028Z",
    "dateUpdated": "2025-08-19T17:03:50.947Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-38607\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-08-19T17:15:39.070\",\"lastModified\":\"2025-08-20T14:40:17.713\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbpf: handle jset (if a \u0026 b ...) as a jump in CFG computation\\n\\nBPF_JSET is a conditional jump and currently verifier.c:can_jump()\\ndoes not know about that. This can lead to incorrect live registers\\nand SCC computation.\\n\\nE.g. in the following example:\\n\\n   1: r0 = 1;\\n   2: r2 = 2;\\n   3: if r1 \u0026 0x7 goto +1;\\n   4: exit;\\n   5: r0 = r2;\\n   6: exit;\\n\\nW/o this fix insn_successors(3) will return only (4), a jump to (5)\\nwould be missed and r2 won\u0027t be marked as alive at (3).\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: manejar jset (si a \u0026amp; b ...) como un salto en el c\u00e1lculo CFG. BPF_JSET es un salto condicional y actualmente verifier.c:can_jump() no lo detecta. Esto puede provocar registros activos y c\u00e1lculos SCC incorrectos. Por ejemplo, en el siguiente ejemplo: 1: r0 = 1; 2: r2 = 2; 3: si r1 \u0026amp; 0x7 goto +1; 4: salir; 5: r0 = r2; 6: salir; Sin esta correcci\u00f3n, insn_successors(3) solo devolver\u00e1 (4), se omitir\u00eda un salto a (5) y r2 no se marcar\u00eda como activo en (3).\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/261b30ad1516f4b9edd500aa6e8d6315c8fc109a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3157f7e2999616ac91f4d559a8566214f74000a5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/65eb166b8636365ad3d6e36d50a7c5edfe6cc66e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

wid-sec-w-2025-1869

Vulnerability from csaf_certbund

Published

2025-08-19 22:00

Modified

2025-09-22 22:00

Summary

Linux Kernel: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder andere nicht spezifizierte Angriffe durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder andere nicht spezifizierte Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1869 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1869.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1869 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1869"
      },
      {
        "category": "external",
        "summary": "Kernel CVE Announce Mailingliste",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38554",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081902-CVE-2025-38554-b161@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38555",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081905-CVE-2025-38555-e81a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38556",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081905-CVE-2025-38556-521e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38557",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081905-CVE-2025-38557-4b79@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38558",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081906-CVE-2025-38558-86a7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38559",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081906-CVE-2025-38559-9fa1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38560",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081906-CVE-2025-38560-d265@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38561",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081907-CVE-2025-38561-0f75@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38562",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081907-CVE-2025-38562-1418@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38563",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081907-CVE-2025-38563-81e4@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38564",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081908-CVE-2025-38564-efa3@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38565",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081908-CVE-2025-38565-0f60@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38566",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081908-CVE-2025-38566-edef@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38567",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081909-CVE-2025-38567-3597@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38568",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081909-CVE-2025-38568-7cd9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38569",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081909-CVE-2025-38569-7ad5@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38570",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081910-CVE-2025-38570-b790@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38571",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081910-CVE-2025-38571-ba2a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38572",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081910-CVE-2025-38572-200b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38573",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081911-CVE-2025-38573-f7c4@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38574",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081911-CVE-2025-38574-6c50@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38576",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081912-CVE-2025-38576-d1a7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38577",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081912-CVE-2025-38577-f225@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38578",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081912-CVE-2025-38578-d58a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38579",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081913-CVE-2025-38579-db94@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38580",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081913-CVE-2025-38580-554b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38581",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081913-CVE-2025-38581-04e8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38582",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081914-CVE-2025-38582-7eca@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38583",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081914-CVE-2025-38583-ca53@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38584",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081914-CVE-2025-38584-2648@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38585",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081915-CVE-2025-38585-e14e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38586",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081915-CVE-2025-38586-789b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38587",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081915-CVE-2025-38587-6da9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38588",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081916-CVE-2025-38588-cb2d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38589",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081916-CVE-2025-38589-52ae@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38590",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081917-CVE-2025-38590-6e67@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38591",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081917-CVE-2025-38591-2a4d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38592",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081917-CVE-2025-38592-9905@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38593",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081918-CVE-2025-38593-22c2@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38594",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081918-CVE-2025-38594-d686@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38595",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081918-CVE-2025-38595-9676@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38596",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081919-CVE-2025-38596-9c29@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38597",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081919-CVE-2025-38597-82d6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38598",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081919-CVE-2025-38598-4eab@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38599",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081920-CVE-2025-38599-734a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38600",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081920-CVE-2025-38600-dddc@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38601",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081920-CVE-2025-38601-1ab2@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38602",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081921-CVE-2025-38602-d52f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38603",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081921-CVE-2025-38603-6dc3@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38604",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081921-CVE-2025-38604-fd5d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38605",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081922-CVE-2025-38605-32f2@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38606",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081922-CVE-2025-38606-0026@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38607",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081922-CVE-2025-38607-c6ce@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38608",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081923-CVE-2025-38608-e829@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38609",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081923-CVE-2025-38609-9c6a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38610",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081923-CVE-2025-38610-9b4f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38611",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081923-CVE-2025-38611-e9f6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38612",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081924-CVE-2025-38612-2888@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38613",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081924-CVE-2025-38613-8505@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38614",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081924-CVE-2025-38614-883c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-38615",
        "url": "https://lore.kernel.org/linux-cve-announce/2025081925-CVE-2025-38615-5f57@gregkh/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20669-1 vom 2025-09-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022482.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20653-1 vom 2025-09-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022432.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:03204-1 vom 2025-09-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022522.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.10-2025-104 vom 2025-09-16",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.10-2025-104.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.4-2025-109 vom 2025-09-16",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.4-2025-109.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:03272-1 vom 2025-09-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022589.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:03283-1 vom 2025-09-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022596.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:16354 vom 2025-09-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:16354"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:03290-1 vom 2025-09-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022602.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:16372 vom 2025-09-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:16372"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6009 vom 2025-09-23",
        "url": "https://lists.debian.org/debian-security-announce/2025/msg00173.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6008 vom 2025-09-23",
        "url": "https://lists.debian.org/debian-security-announce/2025/msg00172.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-09-22T22:00:00.000+00:00",
      "generator": {
        "date": "2025-09-23T04:56:21.413+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1869",
      "initial_release_date": "2025-08-19T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-08-19T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-08-20T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-25367"
        },
        {
          "date": "2025-09-10T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-09-14T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-09-16T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2025-09-18T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-09-21T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-09-22T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE, Red Hat und Debian aufgenommen"
        }
      ],
      "status": "final",
      "version": "8"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "T046361",
              "product_identification_helper": {
                "cpe": "cpe:/o:linux:linux_kernel:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-38554",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38554"
    },
    {
      "cve": "CVE-2025-38555",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38555"
    },
    {
      "cve": "CVE-2025-38556",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38556"
    },
    {
      "cve": "CVE-2025-38557",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38557"
    },
    {
      "cve": "CVE-2025-38558",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38558"
    },
    {
      "cve": "CVE-2025-38559",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38559"
    },
    {
      "cve": "CVE-2025-38560",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38560"
    },
    {
      "cve": "CVE-2025-38561",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38561"
    },
    {
      "cve": "CVE-2025-38562",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38562"
    },
    {
      "cve": "CVE-2025-38563",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38563"
    },
    {
      "cve": "CVE-2025-38564",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38564"
    },
    {
      "cve": "CVE-2025-38565",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38565"
    },
    {
      "cve": "CVE-2025-38566",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38566"
    },
    {
      "cve": "CVE-2025-38567",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38567"
    },
    {
      "cve": "CVE-2025-38568",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38568"
    },
    {
      "cve": "CVE-2025-38569",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38569"
    },
    {
      "cve": "CVE-2025-38570",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38570"
    },
    {
      "cve": "CVE-2025-38571",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38571"
    },
    {
      "cve": "CVE-2025-38572",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38572"
    },
    {
      "cve": "CVE-2025-38573",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38573"
    },
    {
      "cve": "CVE-2025-38574",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38574"
    },
    {
      "cve": "CVE-2025-38576",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38576"
    },
    {
      "cve": "CVE-2025-38577",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38577"
    },
    {
      "cve": "CVE-2025-38578",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38578"
    },
    {
      "cve": "CVE-2025-38579",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38579"
    },
    {
      "cve": "CVE-2025-38580",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38580"
    },
    {
      "cve": "CVE-2025-38581",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38581"
    },
    {
      "cve": "CVE-2025-38582",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38582"
    },
    {
      "cve": "CVE-2025-38583",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38583"
    },
    {
      "cve": "CVE-2025-38584",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38584"
    },
    {
      "cve": "CVE-2025-38585",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38585"
    },
    {
      "cve": "CVE-2025-38586",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38586"
    },
    {
      "cve": "CVE-2025-38587",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38587"
    },
    {
      "cve": "CVE-2025-38588",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38588"
    },
    {
      "cve": "CVE-2025-38589",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38589"
    },
    {
      "cve": "CVE-2025-38590",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38590"
    },
    {
      "cve": "CVE-2025-38591",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38591"
    },
    {
      "cve": "CVE-2025-38592",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38592"
    },
    {
      "cve": "CVE-2025-38593",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38593"
    },
    {
      "cve": "CVE-2025-38594",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38594"
    },
    {
      "cve": "CVE-2025-38595",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38595"
    },
    {
      "cve": "CVE-2025-38596",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38596"
    },
    {
      "cve": "CVE-2025-38597",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38597"
    },
    {
      "cve": "CVE-2025-38598",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38598"
    },
    {
      "cve": "CVE-2025-38599",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38599"
    },
    {
      "cve": "CVE-2025-38600",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38600"
    },
    {
      "cve": "CVE-2025-38601",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38601"
    },
    {
      "cve": "CVE-2025-38602",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38602"
    },
    {
      "cve": "CVE-2025-38603",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38603"
    },
    {
      "cve": "CVE-2025-38604",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38604"
    },
    {
      "cve": "CVE-2025-38605",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38605"
    },
    {
      "cve": "CVE-2025-38606",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38606"
    },
    {
      "cve": "CVE-2025-38607",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38607"
    },
    {
      "cve": "CVE-2025-38608",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38608"
    },
    {
      "cve": "CVE-2025-38609",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38609"
    },
    {
      "cve": "CVE-2025-38610",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38610"
    },
    {
      "cve": "CVE-2025-38611",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38611"
    },
    {
      "cve": "CVE-2025-38612",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38612"
    },
    {
      "cve": "CVE-2025-38613",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38613"
    },
    {
      "cve": "CVE-2025-38614",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38614"
    },
    {
      "cve": "CVE-2025-38615",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "398363",
          "T046361"
        ]
      },
      "release_date": "2025-08-19T22:00:00.000+00:00",
      "title": "CVE-2025-38615"
    }
  ]
}

fkie_cve-2025-38607

Vulnerability from fkie_nvd

Published

2025-08-19 17:15

Modified

2025-08-20 14:40

Severity ?

Summary

References

▼	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/261b30ad1516f4b9edd500aa6e8d6315c8fc109a
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/3157f7e2999616ac91f4d559a8566214f74000a5
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/65eb166b8636365ad3d6e36d50a7c5edfe6cc66e

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: handle jset (if a \u0026 b ...) as a jump in CFG computation\n\nBPF_JSET is a conditional jump and currently verifier.c:can_jump()\ndoes not know about that. This can lead to incorrect live registers\nand SCC computation.\n\nE.g. in the following example:\n\n   1: r0 = 1;\n   2: r2 = 2;\n   3: if r1 \u0026 0x7 goto +1;\n   4: exit;\n   5: r0 = r2;\n   6: exit;\n\nW/o this fix insn_successors(3) will return only (4), a jump to (5)\nwould be missed and r2 won\u0027t be marked as alive at (3)."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: manejar jset (si a \u0026amp; b ...) como un salto en el c\u00e1lculo CFG. BPF_JSET es un salto condicional y actualmente verifier.c:can_jump() no lo detecta. Esto puede provocar registros activos y c\u00e1lculos SCC incorrectos. Por ejemplo, en el siguiente ejemplo: 1: r0 = 1; 2: r2 = 2; 3: si r1 \u0026amp; 0x7 goto +1; 4: salir; 5: r0 = r2; 6: salir; Sin esta correcci\u00f3n, insn_successors(3) solo devolver\u00e1 (4), se omitir\u00eda un salto a (5) y r2 no se marcar\u00eda como activo en (3)."
    }
  ],
  "id": "CVE-2025-38607",
  "lastModified": "2025-08-20T14:40:17.713",
  "metrics": {},
  "published": "2025-08-19T17:15:39.070",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/261b30ad1516f4b9edd500aa6e8d6315c8fc109a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3157f7e2999616ac91f4d559a8566214f74000a5"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/65eb166b8636365ad3d6e36d50a7c5edfe6cc66e"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

ghsa-8qpr-r3pf-7ggx

Vulnerability from github

Published

2025-08-19 18:31

Modified

2025-08-19 18:31

Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: handle jset (if a & b ...) as a jump in CFG computation

BPF_JSET is a conditional jump and currently verifier.c:can_jump() does not know about that. This can lead to incorrect live registers and SCC computation.

E.g. in the following example:

1: r0 = 1; 2: r2 = 2; 3: if r1 & 0x7 goto +1; 4: exit; 5: r0 = r2; 6: exit;

W/o this fix insn_successors(3) will return only (4), a jump to (5) would be missed and r2 won't be marked as alive at (3).

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-38607"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-19T17:15:39Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: handle jset (if a \u0026 b ...) as a jump in CFG computation\n\nBPF_JSET is a conditional jump and currently verifier.c:can_jump()\ndoes not know about that. This can lead to incorrect live registers\nand SCC computation.\n\nE.g. in the following example:\n\n   1: r0 = 1;\n   2: r2 = 2;\n   3: if r1 \u0026 0x7 goto +1;\n   4: exit;\n   5: r0 = r2;\n   6: exit;\n\nW/o this fix insn_successors(3) will return only (4), a jump to (5)\nwould be missed and r2 won\u0027t be marked as alive at (3).",
  "id": "GHSA-8qpr-r3pf-7ggx",
  "modified": "2025-08-19T18:31:33Z",
  "published": "2025-08-19T18:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38607"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/261b30ad1516f4b9edd500aa6e8d6315c8fc109a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3157f7e2999616ac91f4d559a8566214f74000a5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/65eb166b8636365ad3d6e36d50a7c5edfe6cc66e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-38607 (GCVE-0-2025-38607)

Vulnerability from cvelistv5

wid-sec-w-2025-1869

Vulnerability from csaf_certbund

fkie_cve-2025-38607

Vulnerability from fkie_nvd

ghsa-8qpr-r3pf-7ggx

Vulnerability from github

Tags

Sightings

Nomenclature