Linux Kernel Vulnerability in LoongArch BPF Affecting Performance
CVE-2025-38723

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 September 2025

What is CVE-2025-38723?

A vulnerability in the Linux kernel's BPF mechanism associated with LoongArch architectures results in incorrect jump offset calculations during tail calls. This condition arises due to an omitted JIT context initialization in the bpf_int_jit_compile(), leading to a negative jump offset calculation. Such errors can lead to significant performance problems, including soft lockup scenarios in which the CPU becomes unresponsive, as evidenced by test cases indicating stuck CPUs. Users of affected Linux kernel versions should apply updates promptly to mitigate this issue.

Affected Version(s)

Linux 5dc615520c4dfb358245680f1904bad61116648e < 1a782fa32e644aa9fbae6c8488f3e61221ac96e1

Linux 5dc615520c4dfb358245680f1904bad61116648e < 17c010fe45def335fe03a0718935416b04c7f349

Linux 5dc615520c4dfb358245680f1904bad61116648e

References

https://git.kernel.org/stable/c/1a782fa32e644aa9fbae6c848...

https://git.kernel.org/stable/c/17c010fe45def335fe03a0718...

https://git.kernel.org/stable/c/f83d469e16bb1f75991ca67c5...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2025
Vulnerability Reserved
Apr 16, 2025