CVE-2025-37963

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-37963

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37963.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-37963

Downstream

BELL-CVE-2025-37963

DEBIAN-CVE-2025-37963

DLA-4271-1

DSA-5925-1

ECHO-dde3-bdd4-2cfc

OESA-2025-1729

OESA-2025-1730

OESA-2025-1870

SUSE-SU-2025:01918-1

SUSE-SU-2025:01964-1

SUSE-SU-2025:01965-1

SUSE-SU-2025:01983-1

SUSE-SU-2025:02262-1

SUSE-SU-2025:02264-1

SUSE-SU-2025:02923-1

UBUNTU-CVE-2025-37963

USN-7699-1

USN-7699-2

USN-7721-1

USN-7774-1

USN-7774-2

USN-7774-3

USN-7774-4

USN-7775-1

USN-7775-2

USN-7775-3

USN-7776-1

Related

Published

2025-05-20T16:15:34Z

Modified

2025-08-13T00:01:39Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users

Support for eBPF programs loaded by unprivileged users is typically disabled. This means only cBPF programs need to be mitigated for BHB.

In addition, only mitigate cBPF programs that were loaded by an unprivileged user. Privileged users can also load the same program via eBPF, making the mitigation pointless.

References

Affected packages