Home

CVE-2025-38060

Description

In the Linux kernel, the following vulnerability has been resolved:bpf: copy_verifier_state() should copy loop_entry fieldThe bpf_verifier_state.loop_entry state should be copied bycopy_verifier_state(). Otherwise, .loop_entry values from unrelatedstates would poison env->cur_state.Additionally, env->stack should not contain any states with.loop_entry != null. The states in env->stack are yet to be verified,while .loop_entry is set for states that reached an equivalent state.This means that env->cur_state->loop_entry should always be null afterpop_stack().See the selftest in the next commit for an example of the program thatis not safe yet is accepted by verifier w/o this fix.This change has some verification performance impact for selftests:File Program Insns (A) Insns (B) Insns (DIFF) States (A) States (B) States (DIFF)---------------------------------- ---------------------------- --------- --------- -------------- ---------- ---------- -------------arena_htab.bpf.o arena_htab_llvm 717 426 -291 (-40.59%) 57 37 -20 (-35.09%)arena_htab_asm.bpf.o arena_htab_asm 597 445 -152 (-25.46%) 47 37 -10 (-21.28%)arena_list.bpf.o arena_list_del 309 279 -30 (-9.71%) 23 14 -9 (-39.13%)iters.bpf.o iter_subprog_check_stacksafe 155 141 -14 (-9.03%) 15 14 -1 (-6.67%)iters.bpf.o iter_subprog_iters 1094 1003 -91 (-8.32%) 88 83 -5 (-5.68%)iters.bpf.o loop_state_deps2 479 725 +246 (+51.36%) 46 63 +17 (+36.96%)kmem_cache_iter.bpf.o open_coded_iter 63 59 -4 (-6.35%) 7 6 -1 (-14.29%)verifier_bits_iter.bpf.o max_words 92 84 -8 (-8.70%) 8 7 -1 (-12.50%)verifier_iterating_callbacks.bpf.o cond_break2 113 107 -6 (-5.31%) 12 12 +0 (+0.00%)And significant negative impact for sched_ext:File Program Insns (A) Insns (B) Insns (DIFF) States (A) States (B) States (DIFF)----------------- ---------------------- --------- --------- -------------------- ---------- ---------- ------------------bpf.bpf.o lavd_init 7039 14723 +7684 (+109.16%) 490 1139 +649 (+132.45%)bpf.bpf.o layered_dispatch 11485 10548 -937 (-8.16%) 848 762 -86 (-10.14%)bpf.bpf.o layered_dump 7422 1000001 +992579 (+13373.47%) 681 31178 +30497 (+4478.27%)bpf.bpf.o layered_enqueue 16854 71127 +54273 (+322.02%) 1611 6450 +4839 (+300.37%)bpf.bpf.o p2dq_dispatch 665 791 +126 (+18.95%) 68 78 +10 (+14.71%)bpf.bpf.o p2dq_init 2343 2980 +637 (+27.19%) 201 237 +36 (+17.91%)bpf.bpf.o refresh_layer_cpumasks 16487 674760 +658273 (+3992.68%) 1770 65370 +63600 (+3593.22%)bpf.bpf.o rusty_select_cpu 1937 40872 +38935 (+2010.07%) 177 3210 +3033 (+1713.56%)scx_central.bpf.o central_dispatch 636 2687 +2051 (+322.48%) 63 227 +164 (+260.32%)scx_nest.bpf.o nest_init 636 815 +179 (+28.14%) 60 73 +13 (+21.67%)scx_qmap.bpf.o qmap_dispatch ---truncated---

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.017

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2025:02249-1(Public Cloud Module 15 SP6) SUSE-SU-2025:02249-1 kernel-azure-devel-debuginfo-6.4.0-150600.8.43.1.x86_64.rpmLinux
SUSE-SU-2025:02249-1(Public Cloud Module 15 SP6) SUSE-SU-2025:02249-1 kernel-azure-devel-6.4.0-150600.8.43.1.x86_64.rpmLinux
SUSE-SU-2025:02249-1(Public Cloud Module 15 SP6) SUSE-SU-2025:02249-1 kernel-azure-debugsource-6.4.0-150600.8.43.1.x86_64.rpmLinux
SUSE-SU-2025:02249-1(Public Cloud Module 15 SP6) SUSE-SU-2025:02249-1 kernel-azure-debuginfo-6.4.0-150600.8.43.1.x86_64.rpmLinux
SUSE-SU-2025:02249-1(Public Cloud Module 15 SP6) SUSE-SU-2025:02249-1 kernel-azure-6.4.0-150600.8.43.1.x86_64.rpmLinux
SUSE-SU-2025:02249-1(Public Cloud Module 15 SP6) SUSE-SU-2025:02249-1 kernel-syms-azure-6.4.0-150600.8.43.1.x86_64.rpmLinux
SUSE-SU-2025:02249-1(Public Cloud Module 15 SP6) SUSE-SU-2025:02249-1 kernel-source-azure-6.4.0-150600.8.43.1.noarch.rpmLinux
SUSE-SU-2025:02249-1(Public Cloud Module 15 SP6) SUSE-SU-2025:02249-1 kernel-devel-azure-6.4.0-150600.8.43.1.noarch.rpmLinux
kernel6.12 Security Update (ALAS2023-2025-1052) kernel-livepatch-6.12.31-35.92-1.0-0.amzn2023.x86_64.rpmLinux
SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-source-azure-6.4.0-150700.20.6.1.noarch.rpmLinux
SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-syms-azure-6.4.0-150700.20.6.1.x86_64.rpmLinux
SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-azure-6.4.0-150700.20.6.1.x86_64.rpmLinux
SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-azure-debuginfo-6.4.0-150700.20.6.1.x86_64.rpmLinux
SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-azure-debugsource-6.4.0-150700.20.6.1.x86_64.rpmLinux
SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-azure-devel-6.4.0-150700.20.6.1.x86_64.rpmLinux
SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-azure-devel-debuginfo-6.4.0-150700.20.6.1.x86_64.rpmLinux
SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-devel-azure-6.4.0-150700.20.6.1.noarch.rpmLinux
SUSE-SU-2025:02307-1(Basesystem Module 15 SP7) kernel-default-6.4.0-150700.53.6.1.x86_64.rpmLinux
SUSE-SU-2025:02307-1(Legacy Module 15 SP7) reiserfs-kmp-default-6.4.0-150700.53.6.1.x86_64.rpmLinux
SUSE-SU-2025:02307-1(Legacy Module 15 SP7) reiserfs-kmp-default-debuginfo-6.4.0-150700.53.6.1.x86_64.rpmLinux
SUSE-SU-2025:02307-1(Development Tools Module 15 SP7) kernel-syms-6.4.0-150700.53.6.1.x86_64.rpmLinux
SUSE-SU-2025:02307-1(Legacy Module 15 SP7) kernel-default-debugsource-6.4.0-150700.53.6.1.x86_64.rpmLinux
SUSE-SU-2025:02307-1(Basesystem Module 15 SP7) kernel-default-base-6.4.0-150700.53.6.1.150700.17.6.1.x86_64.rpmLinux
SUSE-SU-2025:02307-1(Development Tools Module 15 SP7) kernel-source-6.4.0-150700.53.6.1.noarch.rpmLinux
SUSE-SU-2025:02307-1(Basesystem Module 15 SP7) kernel-default-devel-debuginfo-6.4.0-150700.53.6.1.x86_64.rpmLinux
SUSE-SU-2025:02307-1(Basesystem Module 15 SP7) kernel-default-devel-6.4.0-150700.53.6.1.x86_64.rpmLinux
SUSE-SU-2025:02307-1(Development Tools Module 15 SP7) kernel-obs-build-debugsource-6.4.0-150700.53.6.1.x86_64.rpmLinux
SUSE-SU-2025:02307-1(Development Tools Module 15 SP7) kernel-docs-6.4.0-150700.53.6.1.noarch.rpmLinux
SUSE-SU-2025:02307-1(Basesystem Module 15 SP7) kernel-default-debuginfo-6.4.0-150700.53.6.1.x86_64.rpmLinux
SUSE-SU-2025:02307-1(Development Tools Module 15 SP7) kernel-obs-build-6.4.0-150700.53.6.1.x86_64.rpmLinux
SUSE-SU-2025:02307-1(Basesystem Module 15 SP7) kernel-devel-6.4.0-150700.53.6.1.noarch.rpmLinux
SUSE-SU-2025:02307-1(Basesystem Module 15 SP7) kernel-macros-6.4.0-150700.53.6.1.noarch.rpmLinux
SUSE-SU-2025:02538-1(Basesystem Module 15 SP6) kernel-default-debuginfo-6.4.0-150600.23.60.5.x86_64.rpmLinux
SUSE-SU-2025:02538-1(Basesystem Module 15 SP6) kernel-default-6.4.0-150600.23.60.5.x86_64.rpmLinux
SUSE-SU-2025:02538-1(Basesystem Module 15 SP6) kernel-devel-6.4.0-150600.23.60.4.noarch.rpmLinux
SUSE-SU-2025:02538-1(Basesystem Module 15 SP6) kernel-default-debugsource-6.4.0-150600.23.60.5.x86_64.rpmLinux
SUSE-SU-2025:02538-1(Basesystem Module 15 SP6) kernel-default-devel-6.4.0-150600.23.60.5.x86_64.rpmLinux
SUSE-SU-2025:02538-1(Basesystem Module 15 SP6) kernel-default-base-6.4.0-150600.23.60.5.150600.12.26.4.x86_64.rpmLinux
SUSE-SU-2025:02538-1(Basesystem Module 15 SP6) kernel-default-devel-debuginfo-6.4.0-150600.23.60.5.x86_64.rpmLinux
SUSE-SU-2025:02538-1(Legacy Module 15 SP6) reiserfs-kmp-default-debuginfo-6.4.0-150600.23.60.5.x86_64.rpmLinux
SUSE-SU-2025:02538-1(Legacy Module 15 SP6) reiserfs-kmp-default-6.4.0-150600.23.60.5.x86_64.rpmLinux
SUSE-SU-2025:02538-1(Development Tools Module 15 SP6) kernel-syms-6.4.0-150600.23.60.4.x86_64.rpmLinux
SUSE-SU-2025:02538-1(Development Tools Module 15 SP6) kernel-source-6.4.0-150600.23.60.4.noarch.rpmLinux
SUSE-SU-2025:02538-1(Development Tools Module 15 SP6) kernel-obs-build-debugsource-6.4.0-150600.23.60.3.x86_64.rpmLinux
SUSE-SU-2025:02538-1(Development Tools Module 15 SP6) kernel-obs-build-6.4.0-150600.23.60.3.x86_64.rpmLinux
SUSE-SU-2025:02538-1(Basesystem Module 15 SP6) kernel-macros-6.4.0-150600.23.60.4.noarch.rpmLinux
SUSE-SU-2025:02538-1(Development Tools Module 15 SP6) kernel-docs-6.4.0-150600.23.60.3.noarch.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234