fkie_cve-2025-38586
Vulnerability from fkie_nvd
Published: 2025-08-19 17:15
Modified: 2025-08-20 14:40
Severity: not assessed (the record carries no CVSS metrics; NVD status "Awaiting Analysis")
Summary
In the Linux kernel, the following vulnerability has been resolved:

bpf, arm64: Fix fp initialization for exception boundary

In the ARM64 BPF JIT when prog->aux->exception_boundary is set for a BPF program, find_used_callee_regs() is not called because for a program acting as exception boundary, all callee-saved registers are saved. find_used_callee_regs() sets `ctx->fp_used = true;` when it sees FP being used in any of the instructions.

For programs acting as exception boundary, ctx->fp_used remains false even if the frame pointer is used by the program and therefore, FP is not set up for such programs in the prologue. This can cause the kernel to crash due to a pagefault.

Fix it by setting ctx->fp_used = true for exception boundary programs as fp is always saved in such programs.
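The register-scan decision the commit message describes, as an added userspace C model. This is illustration code, not kernel code and not the patch: `struct bpf_insn` mirrors the uapi layout, but `jit_ctx`, `prepare_ctx()`, `fp_setup_for()` and `would_fault()` are simplified stand-ins for the arm64 JIT (assumed names), and the three sample programs are constructed. The `fixed` flag switches between the pre-fix path (exception-boundary programs skip the scan, so `fp_used` stays false) and the post-fix path (`fp_used` forced true), so the uninitialised-FP case behind the pagefault can be checked directly.

```c
/* Userspace model of the arm64 BPF JIT decision fixed by CVE-2025-38586.
 * Added illustration, not kernel code: struct bpf_insn mirrors the uapi
 * layout; everything else is a simplified stand-in for bpf_jit_comp.c. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct bpf_insn {             /* same field layout as uapi/linux/bpf.h */
	uint8_t code;
	uint8_t dst_reg:4;
	uint8_t src_reg:4;
	int16_t off;
	int32_t imm;
};

#define BPF_REG_0     0
#define BPF_REG_FP   10       /* R10: read-only frame pointer */
#define OP_ST_MEM_DW 0x7a     /* BPF_ST|BPF_MEM|BPF_DW: *(u64 *)(dst+off) = imm */
#define OP_MOV64_IMM 0xb7     /* BPF_ALU64|BPF_MOV|BPF_K */
#define OP_EXIT      0x95     /* BPF_JMP|BPF_EXIT */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

struct bpf_prog {
	const struct bpf_insn *insnsi;
	size_t len;
	bool exception_boundary;  /* prog->aux->exception_boundary in the kernel */
};

struct jit_ctx {              /* subset of the JIT context that matters here */
	const struct bpf_prog *prog;
	bool fp_used;             /* prologue must initialise the register backing R10 */
	bool save_all_callee;     /* exception boundary: save every callee-saved reg */
};

/* Model of find_used_callee_regs(): record whether any instruction
 * reads or writes R10. */
static void find_used_callee_regs(struct jit_ctx *ctx)
{
	const struct bpf_insn *insn = ctx->prog->insnsi;
	size_t i;

	for (i = 0; i < ctx->prog->len; i++, insn++)
		if (insn->dst_reg == BPF_REG_FP || insn->src_reg == BPF_REG_FP)
			ctx->fp_used = true;
}

/* The decision the patch changes; `fixed' selects pre- or post-fix behaviour. */
static void prepare_ctx(struct jit_ctx *ctx, const struct bpf_prog *prog, bool fixed)
{
	ctx->prog = prog;
	ctx->fp_used = false;
	ctx->save_all_callee = false;

	if (prog->exception_boundary) {
		/* All callee-saved registers get saved, so the scan is skipped... */
		ctx->save_all_callee = true;
		/* ...and before the fix nothing else ever set fp_used. */
		if (fixed)
			ctx->fp_used = true;
	} else {
		find_used_callee_regs(ctx);
	}
}

/* True when the program, JIT-ed under the chosen behaviour, gets the
 * prologue instruction that initialises its frame-pointer register. */
bool fp_setup_for(const struct bpf_prog *prog, bool fixed)
{
	struct jit_ctx ctx;

	prepare_ctx(&ctx, prog, fixed);
	return ctx.fp_used;
}

/* True when the program touches the stack via R10 but its prologue never
 * initialised the register: the uninitialised-FP access behind the crash. */
bool would_fault(const struct bpf_prog *prog, bool fixed)
{
	struct jit_ctx scan = { .prog = prog, .fp_used = false };

	find_used_callee_regs(&scan);       /* ground truth: does it use R10? */
	return scan.fp_used && !fp_setup_for(prog, fixed);
}

/* Constructed sample: spill a constant into the program's own stack frame. */
static const struct bpf_insn insns_spill[] = {
	{ .code = OP_ST_MEM_DW, .dst_reg = BPF_REG_FP, .off = -8, .imm = 42 },
	{ .code = OP_MOV64_IMM, .dst_reg = BPF_REG_0, .imm = 0 },
	{ .code = OP_EXIT },
};
/* Constructed sample: no stack use at all. */
static const struct bpf_insn insns_nostack[] = {
	{ .code = OP_MOV64_IMM, .dst_reg = BPF_REG_0, .imm = 0 },
	{ .code = OP_EXIT },
};

const struct bpf_prog prog_boundary = { insns_spill, ARRAY_SIZE(insns_spill), true };
const struct bpf_prog prog_plain    = { insns_spill, ARRAY_SIZE(insns_spill), false };
const struct bpf_prog prog_boundary_nostack = { insns_nostack, ARRAY_SIZE(insns_nostack), true };

int main(void)
{
	printf("boundary, pre-fix : fp set up=%d fault=%d\n",
	       fp_setup_for(&prog_boundary, false), would_fault(&prog_boundary, false));
	printf("boundary, post-fix: fp set up=%d fault=%d\n",
	       fp_setup_for(&prog_boundary, true), would_fault(&prog_boundary, true));
	printf("plain             : fp set up=%d fault=%d\n",
	       fp_setup_for(&prog_plain, false), would_fault(&prog_plain, false));
	return 0;
}
```

The point the model makes is that the scan and the "save everything" shortcut answer two different questions: which callee-saved registers need spilling, and whether the FP-backing register needs an initial value. Saving all registers covers the first but says nothing about the second, which is why the fix forces `fp_used` rather than re-running the scan for boundary programs.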
References
- https://git.kernel.org/stable/c/0dbef493cae7d451f740558665893c000adb2321
- https://git.kernel.org/stable/c/1ce30231e0a2c8c361ee5f8f7f265fc17130adce
- https://git.kernel.org/stable/c/b114fcee766d5101eada1aca7bb5fd0a86c89b35
- https://git.kernel.org/stable/c/e23184725dbb72d5d02940222eee36dbba2aa422
(all four are git.kernel.org commit links supplied by source 416baaa9-dc9f-4396-8d5f-8c081fb06d67)
Impacted products
Vendor | Product | Version
---|---|---
(none listed; the NVD record is still "Awaiting Analysis" and carries no CPE data)
Record metadata
- id: CVE-2025-38586
- sourceIdentifier: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- published: 2025-08-19T17:15:36.113
- lastModified: 2025-08-20T14:40:17.713
- metrics: none
- vulnStatus: Awaiting Analysis
- cveTags: none
Sightings
Author | Source | Type | Date
---|---|---|---
(no sightings recorded)
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.