{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38723","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:24.033Z","datePublished":"2025-09-04T15:33:16.547Z","dateUpdated":"2026-05-12T12:05:52.998Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:33:44.278Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: BPF: Fix jump offset calculation in tailcall\n\nThe extra pass of bpf_int_jit_compile() skips JIT context initialization\nwhich essentially skips offset calculation leaving out_offset = -1, so\nthe jmp_offset in emit_bpf_tail_call is calculated by\n\n\"#define jmp_offset (out_offset - (cur_offset))\"\n\nis a negative number, which is wrong. The final generated assembly are\nas follow.\n\n54:\tbgeu        \t$a2, $t1, -8\t    # 0x0000004c\n58:\taddi.d      \t$a6, $s5, -1\n5c:\tbltz        \t$a6, -16\t    # 0x0000004c\n60:\talsl.d      \t$t2, $a2, $a1, 0x3\n64:\tld.d        \t$t2, $t2, 264\n68:\tbeq         \t$t2, $zero, -28\t    # 0x0000004c\n\nBefore apply this patch, the follow test case will reveal soft lock issues.\n\ncd tools/testing/selftests/bpf/\n./test_progs --allow=tailcalls/tailcall_bpf2bpf_1\n\ndmesg:\nwatchdog: BUG: soft lockup - CPU#2 stuck for 26s! [test_progs:25056]"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/loongarch/net/bpf_jit.c"],"versions":[{"version":"5dc615520c4dfb358245680f1904bad61116648e","lessThan":"1a782fa32e644aa9fbae6c8488f3e61221ac96e1","status":"affected","versionType":"git"},{"version":"5dc615520c4dfb358245680f1904bad61116648e","lessThan":"17c010fe45def335fe03a0718935416b04c7f349","status":"affected","versionType":"git"},{"version":"5dc615520c4dfb358245680f1904bad61116648e","lessThan":"f83d469e16bb1f75991ca67c56786fb2aaa42bea","status":"affected","versionType":"git"},{"version":"5dc615520c4dfb358245680f1904bad61116648e","lessThan":"f2b5e50cc04d7a049b385bc1c93b9cbf5f10c94f","status":"affected","versionType":"git"},{"version":"5dc615520c4dfb358245680f1904bad61116648e","lessThan":"9262e3e04621558e875eb5afb5e726b648cd5949","status":"affected","versionType":"git"},{"version":"5dc615520c4dfb358245680f1904bad61116648e","lessThan":"cd39d9e6b7e4c58fa77783e7aedf7ada51d02ea3","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/loongarch/net/bpf_jit.c"],"versions":[{"version":"6.1","status":"affected"},{"version":"0","lessThan":"6.1","status":"unaffected","versionType":"semver"},{"version":"6.1.149","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.103","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.43","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.11","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16.2","lessThanOrEqual":"6.16.*","status":"unaffected","versionType":"semver"},{"version":"6.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.1.149"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.6.103"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.12.43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.15.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.16.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.17"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1a782fa32e644aa9fbae6c8488f3e61221ac96e1"},{"url":"https://git.kernel.org/stable/c/17c010fe45def335fe03a0718935416b04c7f349"},{"url":"https://git.kernel.org/stable/c/f83d469e16bb1f75991ca67c56786fb2aaa42bea"},{"url":"https://git.kernel.org/stable/c/f2b5e50cc04d7a049b385bc1c93b9cbf5f10c94f"},{"url":"https://git.kernel.org/stable/c/9262e3e04621558e875eb5afb5e726b648cd5949"},{"url":"https://git.kernel.org/stable/c/cd39d9e6b7e4c58fa77783e7aedf7ada51d02ea3"}],"title":"LoongArch: BPF: Fix jump offset calculation in tailcall","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:41:51.527Z"}},{"x_adpType":"supplier","providerMetadata":{"orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP","dateUpdated":"2026-05-12T12:05:52.998Z"},"affected":[{"vendor":"Siemens","product":"SIMATIC CN 4100","versions":[{"status":"affected","version":"0","lessThan":"V5.0","versionType":"custom"}],"defaultStatus":"unknown"}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html"}]}]}}