{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T08:04:22.769","vulnerabilities":[{"cve":{"id":"CVE-2025-38339","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-07-10T09:15:28.633","lastModified":"2025-11-18T12:52:48.207","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/bpf: fix JIT code size calculation of bpf trampoline\n\narch_bpf_trampoline_size() provides JIT size of the BPF trampoline\nbefore the buffer for JIT'ing it is allocated. The total number of\ninstructions emitted for BPF trampoline JIT code depends on where\nthe final image is located. So, the size arrived at with the dummy\npass in arch_bpf_trampoline_size() can vary from the actual size\nneeded in  arch_prepare_bpf_trampoline().  When the instructions\naccounted in  arch_bpf_trampoline_size() is less than the number of\ninstructions emitted during the actual JIT compile of the trampoline,\nthe below warning is produced:\n\n  WARNING: CPU: 8 PID: 204190 at arch/powerpc/net/bpf_jit_comp.c:981 __arch_prepare_bpf_trampoline.isra.0+0xd2c/0xdcc\n\nwhich is:\n\n  /* Make sure the trampoline generation logic doesn't overflow */\n  if (image && WARN_ON_ONCE(&image[ctx->idx] >\n  \t\t\t(u32 *)rw_image_end - BPF_INSN_SAFETY)) {\n\nSo, during the dummy pass, instead of providing some arbitrary image\nlocation, account for maximum possible instructions if and when there\nis a dependency with image location for JIT'ing."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/bpf: corrección del cálculo del tamaño del código JIT del trampolín BPF. arch_bpf_trampoline_size() proporciona el tamaño JIT del trampolín BPF antes de asignar el búfer para su procesamiento JIT. El número total de instrucciones emitidas para el código JIT del trampolín BPF depende de la ubicación de la imagen final. Por lo tanto, el tamaño obtenido con el paso ficticio en arch_bpf_trampoline_size() puede variar del tamaño real necesario en arch_prepare_bpf_trampoline(). Cuando las instrucciones contabilizadas en arch_bpf_trampoline_size() son menores que la cantidad de instrucciones emitidas durante la compilación JIT real del trampolín, se produce la siguiente advertencia: ADVERTENCIA: CPU: 8 PID: 204190 en arch/powerpc/net/bpf_jit_comp.c:981 __arch_prepare_bpf_trampoline.isra.0+0xd2c/0xdcc que es: /* Asegúrese de que la lógica de generación del trampolín no se desborde */ if (image && WARN_ON_ONCE(&image[ctx->idx] > (u32 *)rw_image_end - BPF_INSN_SAFETY)) { Entonces, durante el pase ficticio, en lugar de proporcionar una ubicación de imagen arbitraria, tenga en cuenta la máxima cantidad de instrucciones posibles si y cuando exista una dependencia con la ubicación de la imagen para JIT."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.15.4","matchCriteriaId":"DFD174C5-1AA2-4671-BDDC-1A9FCC753655"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/59ba025948be2a92e8bc9ae1cbdaf197660bd508","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7833deb95e05bec146414b3a2feb24f025ca27c0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}