CVE-2025-38280

bpf: Avoid __bpf_prog_ret0_warn when jit fails

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid __bpf_prog_ret0_warn when jit fails syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 __bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357 Modules linked in: CPU: 3 UID: 0 PID: 217 Comm: kworker/u32:6 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 RIP: 0010:__bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357 Call Trace: <TASK> bpf_dispatcher_nop_func include/linux/bpf.h:1316 [inline] __bpf_prog_run include/linux/filter.h:718 [inline] bpf_prog_run include/linux/filter.h:725 [inline] cls_bpf_classify+0x74a/0x1110 net/sched/cls_bpf.c:105 ... When creating bpf program, 'fp->jit_requested' depends on bpf_jit_enable. This issue is triggered because of CONFIG_BPF_JIT_ALWAYS_ON is not set and bpf_jit_enable is set to 1, causing the arch to attempt JIT the prog, but jit failed due to FAULT_INJECTION. As a result, incorrectly treats the program as valid, when the program runs it calls `__bpf_prog_ret0_warn` and triggers the WARN_ON_ONCE(1).

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/e7fb4ebee6e900899d2b2e5852c3e2eafcbcad66
https://git.kernel.org/stable/c/ef92b96530d1731d9ac167bc7c193c683cd78fff
https://git.kernel.org/stable/c/6f639c25bfad17d9fd7379ab91ff9678ea9aac85
https://git.kernel.org/stable/c/2bc6dffb4b72d53d6a6ada510269bf548c3f7ae0
https://git.kernel.org/stable/c/0b9bb52796b239de6792d0d68cdc6eb505ebff96
https://git.kernel.org/stable/c/86bc9c742426a16b52a10ef61f5b721aecca2344

Frequently Asked Questions

What is the severity of CVE-2025-38280?
CVE-2025-38280 has not yet been assigned a CVSS score.
How to fix CVE-2025-38280?
To fix CVE-2025-38280, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38280 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38280 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38280?
CVE-2025-38280 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.