CVE-2025-38489

Summary

In the Linux kernel, the following vulnerability has been resolved:

s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again

Commit 7ded842b356d ("s390/bpf: Fix bpf_plt pointer arithmetic") has accidentally removed the critical piece of commit c730fce7c70c ("s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL"), causing intermittent kernel panics in e.g. perf's on_switch() prog to reappear.

Restore the fix and add a comment.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc3062bdb859b6e2567e7f5c8cde20c0250bb130f < 0c7b20f7785cfdd59403333612c90b458b12307caffected
LinuxLinux7ded842b356d151ece8ac4985940438e6d3998bb < d5629d1af0600f8cc7c9245e8d832a66358ef889affected
LinuxLinux7ded842b356d151ece8ac4985940438e6d3998bb < a4f9c7846b1ac428921ce9676b1b8c80ed60093caffected
LinuxLinux7ded842b356d151ece8ac4985940438e6d3998bb < 6a5abf8cf182f577c7ae6c62f14debc9754ec986affected
LinuxLinuxd3d74e45a060d218fe4b0c9174f0a77517509d8eaffected
LinuxLinux6.6.26 < 6.6.100affected
LinuxLinux6.8.5 < 6.9affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.6.100 <= 6.6.*unaffected
LinuxLinux6.12.40 <= 6.12.*unaffected
LinuxLinux6.15.8 <= 6.15.*unaffected
LinuxLinux6.16 <= *unaffected

Weaknesses

References