BPF Vulnerability in Linux Kernel Affects LoongArch Architecture
CVE-2025-37893

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 April 2025

What is CVE-2025-37893?

A vulnerability in the Linux kernel, specifically affecting the LoongArch architecture, has been identified concerning BPF programs utilizing tail calls. When executing these programs, a hard lockup occurs due to an off-by-one error in the JIT compilation process. This error arises from a mismatch in instruction generation during two compilation passes, leading to an incorrect epilogue offset. The fault results in jumping to unexpected instructions, causing system instability. The issue has been mitigated by introducing a nop instruction to correct the epilogue offset, enhancing the reliability of BPF operations on affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 5dc615520c4dfb358245680f1904bad61116648e

Linux 5dc615520c4dfb358245680f1904bad61116648e < 205a2182c51ffebaef54d643e3745e720cded08b

Linux 5dc615520c4dfb358245680f1904bad61116648e

References

https://git.kernel.org/stable/c/b3ffad2f02db4aace6799fe00...

https://git.kernel.org/stable/c/205a2182c51ffebaef54d643e...

https://git.kernel.org/stable/c/c74d95a5679741ef428974ab7...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2025
Vulnerability Reserved
Apr 16, 2025

JSON

Linux

What is CVE-2025-37893?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.