CVE-2025-38586

bpf, arm64: Fix fp initialization for exception boundary

Description

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix fp initialization for exception boundary In the ARM64 BPF JIT when prog->aux->exception_boundary is set for a BPF program, find_used_callee_regs() is not called because for a program acting as exception boundary, all callee saved registers are saved. find_used_callee_regs() sets `ctx->fp_used = true;` when it sees FP being used in any of the instructions. For programs acting as exception boundary, ctx->fp_used remains false even if frame pointer is used by the program and therefore, FP is not set-up for such programs in the prologue. This can cause the kernel to crash due to a pagefault. Fix it by setting ctx->fp_used = true for exception boundary programs as fp is always saved in such programs.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/0dbef493cae7d451f740558665893c000adb2321
https://git.kernel.org/stable/c/e23184725dbb72d5d02940222eee36dbba2aa422
https://git.kernel.org/stable/c/1ce30231e0a2c8c361ee5f8f7f265fc17130adce
https://git.kernel.org/stable/c/b114fcee766d5101eada1aca7bb5fd0a86c89b35

Frequently Asked Questions

What is the severity of CVE-2025-38586?
CVE-2025-38586 has not yet been assigned a CVSS score.
How to fix CVE-2025-38586?
To fix CVE-2025-38586, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38586 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38586 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38586?
CVE-2025-38586 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.