DEBIAN-CVE-2025-68216

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Disable trampoline for kernel module function trace The current LoongArch BPF trampoline implementation is incompatible with tracing functions in kernel modules. This causes several severe and user-visible problems: * The bpf_selftests/module_attach test fails consistently. * Kernel lockup when a BPF program is attached to a module function [1]. * Critical kernel modules like WireGuard experience traffic disruption when their functions are traced with fentry [2]. Given the severity and the potential for other unknown side-effects, it is safest to disable the feature entirely for now. This patch prevents the BPF subsystem from allowing trampoline attachments to kernel module functions on LoongArch. This is a temporary mitigation until the core issues in the trampoline code for kernel module handling can be identified and fixed. [root@fedora bpf]# ./testprogs -a moduleattach -v bpftestmod.ko is already unloaded. Loading bpftestmod.ko... Successfully loaded bpftestmod.ko. testmoduleattach:PASS:skelopen 0 nsec testmoduleattach:PASS:setattachtarget 0 nsec testmoduleattach:PASS:setattachtargetexplicit 0 nsec testmoduleattach:PASS:skelload 0 nsec libbpf: prog 'handlefentry': failed to attach: -ENOTSUPP libbpf: prog 'handlefentry': failed to auto-attach: -ENOTSUPP testmoduleattach:FAIL:skelattach skeleton attach failed: -524 Summary: 0/0 PASSED, 0 SKIPPED, 1 FAILED Successfully unloaded bpftestmod.ko. [1]: https://lore.kernel.org/loongarch/CAK3+h2wDmpC-hP4u4pJY8T-yfKyk4yRzpu2LMO+C13FMT58oqQ@mail.gmail.com/ [2]: https://lore.kernel.org/loongarch/CAK3+h2wYcpc+OwdLDUBvg2rF9rvvyc5amfHT-KcFaK93uoELPg@mail.gmail.com/