Linux Kernel BPF Range Refinement Vulnerability in Networking
CVE-2025-39748

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
11 September 2025

What is CVE-2025-39748?

A vulnerability in the Linux kernel's BPF implementation has been identified where the verifier fails to appropriately refine register bounds after JSET instructions. This can lead to inconsistencies in register states, as paths deemed unreachable at runtime are explored incorrectly, creating potential security risks. The issue was reported by Syzbot and pertains to specific BPF program instruction sets that generate misleading range validations. A fix has been implemented to forget these ranges, enhancing the robustness of the kernel's verifier.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 960ea056561a08e2b837b2f02d22c53226414a84

Linux 960ea056561a08e2b837b2f02d22c53226414a84 < 2fd0c26bacd90ef26522bd3169000a4715bf151f

Linux 960ea056561a08e2b837b2f02d22c53226414a84 < 80a6b11862a7cfdf691e8f9faee89cfea219f098

References

https://git.kernel.org/stable/c/f01e06930444cab289a878301...
https://git.kernel.org/stable/c/2fd0c26bacd90ef26522bd316...
https://git.kernel.org/stable/c/80a6b11862a7cfdf691e8f9fa...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.