CVE-2025-38607
- Source
- https://cve.org/CVERecord?id=CVE-2025-38607
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38607.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-38607
- Downstream
- Published
- 2025-08-19T17:03:50.947Z
- Modified
- 2026-04-02T12:48:03.300115Z
- Summary
- bpf: handle jset (if a & b ...) as a jump in CFG computation
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bpf: handle jset (if a & b ...) as a jump in CFG computation
BPFJSET is a conditional jump and currently verifier.c:canjump() does not know about that. This can lead to incorrect live registers and SCC computation.
E.g. in the following example:
1: r0 = 1; 2: r2 = 2; 3: if r1 & 0x7 goto +1; 4: exit; 5: r0 = r2; 6: exit;
W/o this fix insn_successors(3) will return only (4), a jump to (5) would be missed and r2 won't be marked as alive at (3).
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38607.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/261b30ad1516f4b9edd500aa6e8d6315c8fc109a
- https://git.kernel.org/stable/c/3157f7e2999616ac91f4d559a8566214f74000a5
- https://git.kernel.org/stable/c/65eb166b8636365ad3d6e36d50a7c5edfe6cc66e
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38607.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-38607
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git