Description

In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs A malicious BPF program may manipulate the branch history to influence what the hardware speculates will happen next. On exit from a BPF program, emit the BHB mititgation sequence. This is only applied for 'classic' cBPF programs that are loaded by seccomp.

INFO

Published Date :

2025-05-20T16:01:44.452Z

Last Modified :

2025-12-20T08:51:44.567Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-37948 vulnerability.

Vendors Products
Debian
  • Debian Linux
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-37948.

URL Resource
https://git.kernel.org/stable/c/0dfefc2ea2f29ced2416017d7e5b1253a54c2735 cve-icon cve-icon
https://git.kernel.org/stable/c/38c345fd54afd9d6ed8d3fcddf3f6ea23887bf78 cve-icon cve-icon
https://git.kernel.org/stable/c/42a20cf51011788f04cf2adbcd7681f02bdb6c27 cve-icon cve-icon
https://git.kernel.org/stable/c/852b8ae934b5cbdc62496fa56ce9969aa2edda7f cve-icon cve-icon
https://git.kernel.org/stable/c/8fe5c37b0e08a97cf0210bb75970e945aaaeebab cve-icon cve-icon
https://git.kernel.org/stable/c/993f63239c219696aef8887a4e7d3a16bf5a8ece cve-icon cve-icon
https://git.kernel.org/stable/c/c6a8735d841bcb7649734bb3a787bb174c67c0d8 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html cve-icon
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html cve-icon
https://lore.kernel.org/linux-cve-announce/2025052000-CVE-2025-37948-2f8d@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-37948 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-37948 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact