CVE-2025-38202 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() bpf_map_lookup_percpu_elem() helper is also available for sleepable bpf program. When BPF JIT is disabled or under 32-bit host, bpf_map_lookup_percpu_elem() will not be inlined. Using it in a sleepable bpf program will trigger the warning in bpf_map_lookup_percpu_elem(), because the bpf program only holds rcu_read_lock_trace lock. Therefore, add the missed check.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/2d834477bbc1e8b8a59ff8b0c081529d6bed7b22
https://git.kernel.org/stable/c/2f8c69a72e8ad87b36b8052f789da3cc2b2e186c
https://git.kernel.org/stable/c/7bf4461f1c97207fda757014690d55a447ce859f
https://git.kernel.org/stable/c/b522d4d334f206284b1a44b0b0b2f99fd443b39b
https://git.kernel.org/stable/c/d4965578267e2e81f67c86e2608481e77e9c8569
https://lore.kernel.org/linux-cve-announce/2025070418-CVE-2025-38202-bef0@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-38202
https://www.cve.org/CVERecord?id=CVE-2025-38202

History

Sat, 05 Jul 2025 00:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025070418-CVE-2025-38202-bef0@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-38202 https://www.cve.org/CVERecord?id=CVE-2025-38202
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Fri, 04 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() bpf_map_lookup_percpu_elem() helper is also available for sleepable bpf program. When BPF JIT is disabled or under 32-bit host, bpf_map_lookup_percpu_elem() will not be inlined. Using it in a sleepable bpf program will trigger the warning in bpf_map_lookup_percpu_elem(), because the bpf program only holds rcu_read_lock_trace lock. Therefore, add the missed check.
Title		bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()
References		https://git.kernel.org/stable/c/2d834477bbc1e8b8a59ff8b0c081529d6bed7b22 https://git.kernel.org/stable/c/2f8c69a72e8ad87b36b8052f789da3cc2b2e186c https://git.kernel.org/stable/c/7bf4461f1c97207fda757014690d55a447ce859f https://git.kernel.org/stable/c/b522d4d334f206284b1a44b0b0b2f99fd443b39b https://git.kernel.org/stable/c/d4965578267e2e81f67c86e2608481e77e9c8569

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-07-04T13:37:23.347Z

Updated: 2025-07-07T08:46:06.568Z

Reserved: 2025-04-16T04:51:23.994Z

Link: CVE-2025-38202

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-07-04T14:15:28.117

Modified: 2025-07-08T16:18:53.607

Link: CVE-2025-38202

Redhat

Severity : Low

Publid Date: 2025-07-04T00:00:00Z

Links: CVE-2025-38202 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object