Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix array bounds error with may_goto may_goto uses an additional 8 bytes on the stack, which causes the interpreters[] array to go out of bounds when calculating index by stack_size. 1. If a BPF program is rewritten, re-evaluate the stack size. For non-JIT cases, reject loading directly. 2. For non-JIT cases, calculating interpreters[idx] may still cause out-of-bounds array access, and just warn about it. 3. For jit_requested cases, the execution of bpf_func also needs to be warned. So move the definition of function __bpf_prog_ret0_warn out of the macro definition CONFIG_BPF_JIT_ALWAYS_ON.

INFO

Published Date :

2025-04-16T14:12:35.359Z

Last Modified :

2025-05-26T05:18:11.843Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-22087 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-22087.

URL Resource
https://git.kernel.org/stable/c/19e6817f84000d0b06f09fd69ebd56217842c122 cve-icon cve-icon
https://git.kernel.org/stable/c/1a86ae57b2600e5749f5f674e9d4296ac00c69a8 cve-icon cve-icon
https://git.kernel.org/stable/c/4524b7febdd55fb99ae2e1f48db64019fa69e643 cve-icon cve-icon
https://git.kernel.org/stable/c/6ebc5030e0c5a698f1dd9a6684cddf6ccaed64a0 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025041616-CVE-2025-22087-d711@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-22087 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-22087 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact