Out-of-Bounds Access in Linux Kernel Cgroup Local Storage
CVE-2025-38502

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 16 August 2025

What is CVE-2025-38502?

The Linux kernel's handling of cgroup local storage allows an out-of-bounds access during the execution of BPF programs. The issue occurs when two BPF programs that use local storage of differing sizes are connected by tail calls. The BPF verifier validates each program correctly on its own, but nothing ensures the integrity of the local storage mapping at runtime. Consequently, the program reached through the tail call can reference the map of the prior program instead of its own, leading to unintended out-of-bounds memory access. To address this, the system's storage management must ensure that each BPF program references its own local storage and must validate program requirements before a tail call relationship is established.
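A simplified user-space C model of the size mismatch and of a check made before a tail call relationship is established, added here as an illustration; it is not kernel code or the actual patch. The struct and function names, the 8-byte and 64-byte sizes, and the rule that a program using no local storage is always accepted are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* User-space model only: every type and function name here is hypothetical. */
struct storage_map { size_t value_size; };
struct prog {
    const struct storage_map *storage; /* NULL: uses no local storage */
    size_t verified_len;               /* bytes the verifier allowed it to touch */
};
struct tail_call_table { const struct prog *owner; const struct prog *slots[4]; };
/* Assumed runtime model: storage is taken from the entry program's context, so a
 * tail-called program is handed the entry program's map rather than its own. */
bool runtime_access_in_bounds(const struct prog *entry, const struct prog *callee)
{
    if (!callee->storage)
        return true;                   /* callee never touches local storage */
    if (!entry->storage)
        return false;                  /* no storage in context to hand over */
    return callee->verified_len <= entry->storage->value_size;
}

/* Check made when a program is placed in the tail call table: a program that
 * uses local storage must use the same map as the table owner (first entry). */
bool table_add_checked(struct tail_call_table *t, size_t idx, const struct prog *p)
{
    if (idx >= sizeof(t->slots) / sizeof(t->slots[0]))
        return false;
    if (t->owner && p->storage && p->storage != t->owner->storage)
        return false;                  /* mismatched storage: refuse the pairing */
    if (!t->owner)
        t->owner = p;
    t->slots[idx] = p;
    return true;
}

/* Constructed sample programs: 8-byte storage, 64-byte storage, no storage. */
static const struct storage_map small_map = { 8 }, large_map = { 64 };
static const struct prog entry_prog = { &small_map, 8 };
static const struct prog callee_prog = { &large_map, 64 };
static const struct prog plain_prog = { NULL, 0 };

int main(void)
{
    struct tail_call_table t = { 0 };
    printf("mismatch in bounds at runtime: %d\n", runtime_access_in_bounds(&entry_prog, &callee_prog));
    printf("entry added: %d\n", table_add_checked(&t, 0, &entry_prog));
    printf("mismatched callee added: %d\n", table_add_checked(&t, 1, &callee_prog));
    return 0;
}
```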

Affected Version(s)

Linux 7d9c3427894fe70d1347b4820476bf37736d2ff0 < 19341d5c59e8c7e8528e40f8663e99d67810473c

Linux 7d9c3427894fe70d1347b4820476bf37736d2ff0

Linux 5.9
