From: Rolf Eike Beer <eb@emlix.com>
To: Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
KaFai Wan <mannkafai@gmail.com>
Cc: bpf@vger.kernel.org
Subject: When did CVE-2025-38280 actually become a problem?
Date: Mon, 11 Aug 2025 10:50:21 +0200
Message-ID: <5003841.GXAFRqVoOG@devpool92.emlix.com>
Hi all,
I sent basically the same question to cve@kernel.org but they are out of
ideas. They assign the affected version numbers based on the "Fixes"
information initially. But I'm unsure if that one is actually correct here,
see below.
The fix is this commit:
> commit 86bc9c742426a16b52a10ef61f5b721aecca2344
> Author: KaFai Wan <mannkafai@gmail.com>
> Date: Mon May 26 21:33:58 2025 +0800
>
> bpf: Avoid __bpf_prog_ret0_warn when jit fails
>
[…]
> Fixes: fa9dd599b4da ("bpf: get rid of pure_initcall dependency to enable jits")
And my questions were those:
=========
I was staring at CVE-2025-38280 for a while, especially since the message states:
> When creating bpf program, 'fp->jit_requested' depends on bpf_jit_enable.
> This issue is triggered because of CONFIG_BPF_JIT_ALWAYS_ON is not set …
The commit that this was attributed to
(5124abda3060e2eab506fb14a27acadee3c3e396) added the warning to the code, but
the function is only reachable when CONFIG_BPF_JIT_ALWAYS_ON is set. This was
the case until 6ebc5030e0c5a698f1dd9a6684cddf6ccaed64a0 moved it out of the
define. So is this even an issue before 6.15 after all? Since the fix got
backported, I think it's more an issue for wherever the second commit got
backported. So in my eyes the 5.10 kernel I'm currently staring at isn't
affected at all.
==========
Can anyone comment on this? If there is a conclusion, I can relay it to the
CVE folks to update the version ranges afterwards.
Regards,
Eike
--
Rolf Eike Beer
emlix GmbH
Headquarters: Berliner Str. 12, 37073 Göttingen, Germany
Phone +49 (0)551 30664-0, e-mail info@emlix.com
District Court of Göttingen, Registry Number HR B 3160
Managing Directors: Heike Jordan, Dr. Uwe Kracke
VAT ID No. DE 205 198 055
Office Berlin: Panoramastr. 1, 10178 Berlin, Germany
Office Bonn: Bachstr. 6, 53115 Bonn, Germany
http://www.emlix.com
emlix - your embedded Linux partner
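The question above boils down to a git ancestry check: a branch can only hit the warning without CONFIG_BPF_JIT_ALWAYS_ON if it contains both the commit that added the warning and the commit that moved it out of the ifdef, and it is fixed only if it also contains the fix. The following shell helper is an added triage script, not part of this thread or of the kernel tree; it encodes the e-mail's hypothesis as a check and does not confirm it. The three commit ids are the ones quoted in the message; KERNEL_GIT_DIR and the overridable *_COMMIT variables are assumptions. Stable branches carry cherry-picked commits under different ids, so the check falls back to the stable-tree convention of referencing the upstream id in the commit message.

```shell
#!/bin/sh
# Added triage helper for CVE-2025-38280 (not from the mailing-list thread).
# Reasoning from the e-mail above:
#   INTRO_COMMIT  added the __bpf_prog_ret0_warn warning, reachable only
#                 with CONFIG_BPF_JIT_ALWAYS_ON
#   EXPOSE_COMMIT moved it out of the #ifdef, so kernels without
#                 CONFIG_BPF_JIT_ALWAYS_ON can reach it
#   FIX_COMMIT    the fix
# Commit ids are the ones quoted in the e-mail; the directory and the
# variables below can be overridden from the environment (assumption).
KERNEL_GIT_DIR="${KERNEL_GIT_DIR:-.}"
INTRO_COMMIT="${INTRO_COMMIT:-5124abda3060e2eab506fb14a27acadee3c3e396}"
EXPOSE_COMMIT="${EXPOSE_COMMIT:-6ebc5030e0c5a698f1dd9a6684cddf6ccaed64a0}"
FIX_COMMIT="${FIX_COMMIT:-86bc9c742426a16b52a10ef61f5b721aecca2344}"

# backport_of <upstream-id> <ref>: prints the hash of the newest commit in
# <ref> whose message mentions <upstream-id> (stable trees write
# "commit <id> upstream"), or nothing if there is none.
backport_of() {
    git -C "$KERNEL_GIT_DIR" log -1 --format=%H --grep="$1" "$2" 2>/dev/null
}

# contains <commit> <ref>: succeeds if <ref> has <commit> in its history,
# either directly or as a backport referencing it by upstream id.
contains() {
    if git -C "$KERNEL_GIT_DIR" merge-base --is-ancestor "$1" "$2" 2>/dev/null; then
        return 0
    fi
    [ -n "$(backport_of "$1" "$2")" ]
}

# bpf_jit_warn_status <ref>: prints one of
#   not-affected  warning absent, or only reachable with CONFIG_BPF_JIT_ALWAYS_ON
#   affected      warning reachable without CONFIG_BPF_JIT_ALWAYS_ON, fix missing
#   fixed         warning reachable, fix present
bpf_jit_warn_status() {
    ref="$1"
    if ! contains "$INTRO_COMMIT" "$ref" || ! contains "$EXPOSE_COMMIT" "$ref"; then
        echo not-affected
    elif contains "$FIX_COMMIT" "$ref"; then
        echo fixed
    else
        echo affected
    fi
}

# Usage, run from a kernel checkout:
#   KERNEL_GIT_DIR=/path/to/linux sh triage.sh
#   for t in v5.10 v6.14 v6.15 v6.16; do echo "$t: $(bpf_jit_warn_status $t)"; done
```

The order of the checks matters for the e-mail's argument: a stable branch that received the fix but never received the ifdef change reports not-affected rather than fixed, because the warning was never reachable there in the first place. Anything this script reports should still be read against the actual source of the branch, since `--grep` matching only finds backports that cite the upstream id.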