CVE-2025-38489

In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again Commit 7ded842b356d ("s390/bpf: Fix bpf_plt pointer arithmetic") has accidentally removed the critical piece of commit c730fce7c70c ("s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL"), causing intermittent kernel panics in e.g. perf's on_switch() prog to reappear. Restore the fix and add a comment.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0c7b20f7785cfdd59403333612c90b458b12307c	Patch
https://git.kernel.org/stable/c/6a5abf8cf182f577c7ae6c62f14debc9754ec986	Patch
https://git.kernel.org/stable/c/a4f9c7846b1ac428921ce9676b1b8c80ed60093c	Patch
https://git.kernel.org/stable/c/d5629d1af0600f8cc7c9245e8d832a66358ef889	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.9:-::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc7::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc6::::::

History

19 Nov 2025, 17:45

Type	Values Removed	Values Added
CWE		CWE-476
CPE		cpe:2.3:o:linux:linux_kernel:6.9:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.9:-:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.9:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc7::::::
References	~~() https://git.kernel.org/stable/c/0c7b20f7785cfdd59403333612c90b458b12307c -~~	() https://git.kernel.org/stable/c/0c7b20f7785cfdd59403333612c90b458b12307c - Patch
References	~~() https://git.kernel.org/stable/c/6a5abf8cf182f577c7ae6c62f14debc9754ec986 -~~	() https://git.kernel.org/stable/c/6a5abf8cf182f577c7ae6c62f14debc9754ec986 - Patch
References	~~() https://git.kernel.org/stable/c/a4f9c7846b1ac428921ce9676b1b8c80ed60093c -~~	() https://git.kernel.org/stable/c/a4f9c7846b1ac428921ce9676b1b8c80ed60093c - Patch
References	~~() https://git.kernel.org/stable/c/d5629d1af0600f8cc7c9245e8d832a66358ef889 -~~	() https://git.kernel.org/stable/c/d5629d1af0600f8cc7c9245e8d832a66358ef889 - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux Linux linux Kernel

29 Jul 2025, 14:14

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again Commit 7ded842b356d ("s390/bpf: Fix bpf_plt pointer arithmetic") eliminó accidentalmente la parte crítica del commit c730fce7c70c ("s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL"), lo que provocaba la reaparición de pánicos de kernel intermitentes en el programa on_switch() de perf, por ejemplo. Restablezca la corrección y añada un comentario.

28 Jul 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-28 12:15

Updated : 2025-11-19 17:45

NVD link : CVE-2025-38489

Mitre link : CVE-2025-38489

CVE.ORG link : CVE-2025-38489

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10