Vulnerability Details CVE-2025-38607
In the Linux kernel, the following vulnerability has been resolved:
bpf: handle jset (if a & b ...) as a jump in CFG computation
BPF_JSET is a conditional jump and currently verifier.c:can_jump()
does not know about that. This can lead to incorrect live registers
and SCC computation.
E.g. in the following example:
1: r0 = 1;
2: r2 = 2;
3: if r1 & 0x7 goto +1;
4: exit;
5: r0 = r2;
6: exit;
W/o this fix insn_successors(3) will return only (4), a jump to (5)
would be missed and r2 won't be marked as alive at (3).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.7%
CVSS Severity
CVSS v3 Score 5.5
References
Products affected by CVE-2025-38607
-
cpe:2.3:o:linux:linux_kernel:6.15
-
cpe:2.3:o:linux:linux_kernel:6.15.1
-
cpe:2.3:o:linux:linux_kernel:6.15.2
-
cpe:2.3:o:linux:linux_kernel:6.15.3
-
cpe:2.3:o:linux:linux_kernel:6.15.4
-
cpe:2.3:o:linux:linux_kernel:6.15.5
-
cpe:2.3:o:linux:linux_kernel:6.15.6
-
cpe:2.3:o:linux:linux_kernel:6.15.7
-
cpe:2.3:o:linux:linux_kernel:6.15.8
-
cpe:2.3:o:linux:linux_kernel:6.15.9
-
cpe:2.3:o:linux:linux_kernel:6.16