CVE-2025-38586

{"id": "CVE-2025-38586", "cveTags": [], "metrics": {}, "published": "2025-08-19T17:15:36.113", "references": [{"url": "https://git.kernel.org/stable/c/0dbef493cae7d451f740558665893c000adb2321", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/1ce30231e0a2c8c361ee5f8f7f265fc17130adce", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b114fcee766d5101eada1aca7bb5fd0a86c89b35", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e23184725dbb72d5d02940222eee36dbba2aa422", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Fix fp initialization for exception boundary\n\nIn the ARM64 BPF JIT when prog->aux->exception_boundary is set for a BPF\nprogram, find_used_callee_regs() is not called because for a program\nacting as exception boundary, all callee saved registers are saved.\nfind_used_callee_regs() sets `ctx->fp_used = true;` when it sees FP\nbeing used in any of the instructions.\n\nFor programs acting as exception boundary, ctx->fp_used remains false\neven if frame pointer is used by the program and therefore, FP is not\nset-up for such programs in the prologue. This can cause the kernel to\ncrash due to a pagefault.\n\nFix it by setting ctx->fp_used = true for exception boundary programs as\nfp is always saved in such programs."}], "lastModified": "2025-08-19T17:15:36.113", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}