Kernel Vulnerability in Linux Affecting s390/bpf Functionality
CVE-2025-38489

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 July 2025

What is CVE-2025-38489?

A vulnerability in the Linux kernel related to the s390/bpf subsystem has been identified, arising from an improper handling of the pointer arithmetic in the bpf_plt function. Specifically, the fix for the bpf_arch_text_poke function has reverted, leading to intermittent kernel panics during operations like perf's on_switch() program. This reintroduction of instability necessitates careful attention to the affected components in the Linux environment to maintain system reliability.

Affected Version(s)

Linux c3062bdb859b6e2567e7f5c8cde20c0250bb130f < 0c7b20f7785cfdd59403333612c90b458b12307c

Linux 7ded842b356d151ece8ac4985940438e6d3998bb

References

https://git.kernel.org/stable/c/0c7b20f7785cfdd5940333361...

https://git.kernel.org/stable/c/d5629d1af0600f8cc7c9245e8...

https://git.kernel.org/stable/c/a4f9c7846b1ac428921ce9676...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025
Vulnerability Reserved
Apr 16, 2025