Format String Vulnerability in Linux Kernel Affects BPF Trace Functionality
CVE-2025-38528

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 16 August 2025

What is CVE-2025-38528?

A format string vulnerability in the Linux kernel's BPF functions causes improper handling of input, which results in kernel warnings. Specifically, the bpf_trace_printk function fails to reject an unsupported format string that contains multiple '%' characters. Because the string is accepted rather than rejected, the kernel emits runtime warnings when the BPF program's input cannot be processed correctly, which puts system stability at risk. A patch has been applied so that such format strings are rejected, making the BPF functionality more robust.

Affected Version(s)

Linux 48cac3f4a96ddf08df8e53809ed066de0dc93915 < 97303e541e12f1fea97834ec64b98991e8775f39

Linux 48cac3f4a96ddf08df8e53809ed066de0dc93915 < 61d5fa45ed13e42af14c7e959baba9908b8ee6d4

Linux 48cac3f4a96ddf08df8e53809ed066de0dc93915

Timeline

  • Vulnerability published

  • Vulnerability Reserved
