CVE-2025-22087

bpf: Fix array bounds error with may_goto

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix array bounds error with may_goto may_goto uses an additional 8 bytes on the stack, which causes the interpreters[] array to go out of bounds when calculating index by stack_size. 1. If a BPF program is rewritten, re-evaluate the stack size. For non-JIT cases, reject loading directly. 2. For non-JIT cases, calculating interpreters[idx] may still cause out-of-bounds array access, and just warn about it. 3. For jit_requested cases, the execution of bpf_func also needs to be warned. So move the definition of function __bpf_prog_ret0_warn out of the macro definition CONFIG_BPF_JIT_ALWAYS_ON.

N/A
CVSS
Severity:
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/19e6817f84000d0b06f09fd69ebd56217842c122
https://git.kernel.org/stable/c/4524b7febdd55fb99ae2e1f48db64019fa69e643
https://git.kernel.org/stable/c/1a86ae57b2600e5749f5f674e9d4296ac00c69a8
https://git.kernel.org/stable/c/6ebc5030e0c5a698f1dd9a6684cddf6ccaed64a0

Frequently Asked Questions

What is the severity of CVE-2025-22087?
CVE-2025-22087 has not yet been assigned a CVSS score.
How to fix CVE-2025-22087?
To fix CVE-2025-22087, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-22087 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-22087 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-22087?
CVE-2025-22087 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.