Buffer Overflow Vulnerability in Linux Kernel PowerPC Architecture
CVE-2025-38339
What is CVE-2025-38339?
A vulnerability exists in the Linux kernel on the PowerPC architecture in the Just-In-Time (JIT) compilation of BPF trampolines. The issue lies in arch_bpf_trampoline_size(), the function that calculates the JIT code size for a BPF trampoline. If the number of instructions it computes is less than the number actually needed during JIT compilation, a buffer overflow can result, leading to system instability or denial of service. Proper validation and accounting during the dummy pass can help mitigate such risks.
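The sizing mismatch described above, shown as a toy two-pass emitter added here for illustration (it is not the kernel's code or the upstream fix). The names trampoline_size, trampoline_emit and emit_li64, the instruction encoding and the addresses are all constructed; the sketch assumes one common way to do the accounting, which is to count the worst case in the dummy pass and bounds-check every write in the real pass.

```c
#include <stddef.h>
#include <stdint.h>
#define MAX_LI64_INSNS 4u  /* toy worst case: one instruction per 16-bit chunk */
struct ctx { uint32_t *image; size_t cap, idx; int overflow; };

/* Emit one instruction: counted only when image == NULL, bounds-checked otherwise. */
static void emit(struct ctx *c, uint32_t insn)
{
    if (c->image) {
        if (c->idx < c->cap) c->image[c->idx] = insn;
        else c->overflow = 1;          /* refuse to write past the buffer */
    }
    c->idx++;
}

/* Toy load-immediate: one instruction per non-zero 16-bit chunk (minimum 1).
 * A worst-case sizing pass pads the count, as the final address is unknown. */
static void emit_li64(struct ctx *c, uint64_t val, int worst_case)
{
    size_t start = c->idx;
    for (int s = 48; s >= 0; s -= 16)
        if ((val >> s) & 0xffff)
            emit(c, (uint32_t)((val >> s) & 0xffff));
    if (c->idx == start) emit(c, 0);
    while (worst_case && !c->image && c->idx - start < MAX_LI64_INSNS)
        c->idx++;
}

static void build(struct ctx *c, uint64_t addr, int worst_case)
{
    emit(c, 0x1); emit(c, 0x2);       /* constructed prologue */
    emit_li64(c, addr, worst_case);   /* address-dependent part */
    emit(c, 0x3);                     /* constructed return */
}

/* Dummy pass: no buffer yet, so addr is only a placeholder guess. */
size_t trampoline_size(uint64_t placeholder, int worst_case)
{
    struct ctx c = { NULL, 0, 0, 0 };
    build(&c, placeholder, worst_case);
    return c.idx;
}

/* Real pass into cap instruction slots; -1 if the image would not fit. */
int trampoline_emit(uint32_t *buf, size_t cap, uint64_t addr)
{
    struct ctx c = { buf, cap, 0, 0 };
    build(&c, addr, 0);
    return c.overflow ? -1 : (int)c.idx;
}
```

With a placeholder address the naive dummy pass reports fewer slots than the real address needs, so the real pass must fail closed; the worst-case dummy pass reports enough for any address.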
Affected Version(s)
Linux d243b62b7bd3d5314382d3b54e4992226245e936 < 7833deb95e05bec146414b3a2feb24f025ca27c0
Linux d243b62b7bd3d5314382d3b54e4992226245e936 < 59ba025948be2a92e8bc9ae1cbdaf197660bd508
Linux 6.13