Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() bpf_map_lookup_percpu_elem() helper is also available for sleepable bpf program. When BPF JIT is disabled or under 32-bit host, bpf_map_lookup_percpu_elem() will not be inlined. Using it in a sleepable bpf program will trigger the warning in bpf_map_lookup_percpu_elem(), because the bpf program only holds rcu_read_lock_trace lock. Therefore, add the missed check.

INFO

Published Date :

2025-07-04T13:37:23.347Z

Last Modified :

2025-11-03T17:35:24.781Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-38202 vulnerability.

Vendors Products
Debian
  • Debian Linux
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-38202.

URL Resource
https://git.kernel.org/stable/c/2d834477bbc1e8b8a59ff8b0c081529d6bed7b22 cve-icon cve-icon
https://git.kernel.org/stable/c/2f8c69a72e8ad87b36b8052f789da3cc2b2e186c cve-icon cve-icon
https://git.kernel.org/stable/c/7bf4461f1c97207fda757014690d55a447ce859f cve-icon cve-icon
https://git.kernel.org/stable/c/b522d4d334f206284b1a44b0b0b2f99fd443b39b cve-icon cve-icon
https://git.kernel.org/stable/c/d4965578267e2e81f67c86e2608481e77e9c8569 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html cve-icon
https://lore.kernel.org/linux-cve-announce/2025070418-CVE-2025-38202-bef0@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-38202 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-38202 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact