Re: When did CVE-2025-38280 actually become a problem?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Aug 11, 2025 at 10:50:21AM +0200, Rolf Eike Beer wrote:
> Hi all,
> 
> I sent basically the same question to cve@xxxxxxxxxx but they are out of 
> ideas. They assign the affected version numbers based on the "Fixes" 
> information initially. But I'm unsure if that one is actually correct here, 
> see below.
> 
> The fix is this commit:
> 
> > commit 86bc9c742426a16b52a10ef61f5b721aecca2344
> > Author: KaFai Wan <mannkafai@xxxxxxxxx>
> > Date:   Mon May 26 21:33:58 2025 +0800
> >
> >     bpf: Avoid __bpf_prog_ret0_warn when jit fails
> > 
> […]
> > Fixes: fa9dd599b4da ("bpf: get rid of pure_initcall dependency to enable 
> jits")
> 
> And my questions were those:
> 
> =========
> I was staring a while on CVE-2025-38280, especially since the message states:
> 
> > When creating bpf program, 'fp->jit_requested' depends on bpf_jit_enable.
> > This issue is triggered because of CONFIG_BPF_JIT_ALWAYS_ON is not set …
> 
> But the commit that this was attributed to 
> (5124abda3060e2eab506fb14a27acadee3c3e396) added the warning to the code, but 
> the function is only reachable when CONFIG_BPF_JIT_ALWAYS_ON is set. This was 
> the case until 6ebc5030e0c5a698f1dd9a6684cddf6ccaed64a0 moved it out of the 
> define. So is this even an issue before 6.15 after all? Since the fix got 
> backported I think it's more an issue to where the second commit got 
> backported? So in my eyes the 5.10 kernel I'm currently staring at isn't 
> affected at all.
> ==========
> 
> Can anyone comment on this? If there is a conclusion I can relay that to the 
> CVE folks to update the version ranges afterwards.

Agree with the analysis. As far as the kernel warning is concerned, I
don't think it can happen before commit 6ebc5030e0c5.

Best,
Shung-Hsi

> Regards,
> 
> Eike
> -- 
> Rolf Eike Beer
> 
> emlix GmbH
> Headquarters: Berliner Str. 12, 37073 Göttingen, Germany
> Phone +49 (0)551 30664-0, e-mail info@xxxxxxxxx
> District Court of Göttingen, Registry Number HR B 3160
> Managing Directors: Heike Jordan, Dr. Uwe Kracke
> VAT ID No. DE 205 198 055
> Office Berlin: Panoramastr. 1, 10178 Berlin, Germany
> Office Bonn: Bachstr. 6, 53115 Bonn, Germany
> http://www.emlix.com
> 
> emlix - your embedded Linux partner
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux