CVE-2025-38280

High

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid __bpf_prog_ret0_warn when jit fails syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 __bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357 Modules linked in: CPU: 3 UID: 0 PID: 217 Comm: kworker/u32:6 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 RIP: 0010:__bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357 Call Trace: <TASK> bpf_dispatcher_nop_func include/linux/bpf.h:1316 [inline] __bpf_prog_run include/linux/filter.h:718 [inline] bpf_prog_run include/linux/filter.h:725 [inline] cls_bpf_classify+0x74a/0x1110 net/sched/cls_bpf.c:105 ... When creating bpf program, 'fp->jit_requested' depends on bpf_jit_enable. This issue is triggered because of CONFIG_BPF_JIT_ALWAYS_ON is not set and bpf_jit_enable is set to 1, causing the arch to attempt JIT the prog, but jit failed due to FAULT_INJECTION. As a result, incorrectly treats the program as valid, when the program runs it calls `__bpf_prog_ret0_warn` and triggers the WARN_ON_ONCE(1).

Package Linux Kernel
Published 2025-07-10
Last modified 2026-05-12
CVSS version 3.1
Patch available
Yes

CVSS 3.1 score

7.8

out of 10
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected versions

Linux kernel versions 4.9.190, 4.14.140, 4.16 and later are affected. Fixed in 5.15.186, 6.1.142, 6.6.94, 6.12.34, 6.15.3, 6.16 and their respective stable series.

Affected from
≥ 4.9.190 ≥ 4.14.140 ≥ 4.16
Fixed in
✓ 5.15.186 5.15.x ✓ 6.1.142 6.1.x ✓ 6.6.94 6.6.x ✓ 6.12.34 6.12.x ✓ 6.15.3 6.15.x ✓ 6.16

References

The following references provide additional information about CVE-2025-38280 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

6 patch commits total View all on NVD

Frequently asked questions

  • What is CVE-2025-38280?

    CVE-2025-38280 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10 . It affects Linux kernel versions from 4.9.190 onward and has been patched in 5.15.186, 6.1.142, 6.6.94 and others. CVE-2025-38280 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • What is the CVSS score for CVE-2025-38280?

    CVE-2025-38280 has a CVSS score of 7.8 out of 10, rated High severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H .

  • Is there a patch available for CVE-2025-38280?

    Yes — CVE-2025-38280 has been patched. Fixed versions include 5.15.186, 6.1.142, 6.6.94 and others. If you are running Linux kernel 4.9.190 or later up to the fix versions, apply the relevant patch for your kernel branch.

  • Is CVE-2025-38280 actively exploited?

    No — CVE-2025-38280 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

Back to
All CVEs
View on
NVD / NIST