Improper locking in Linux kernel - CVE-2025-38723
Published: September 5, 2025
Vulnerability identifier: #VU114831
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-38723
CWE-ID: CWE-667
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bpf_jit_supports_kfunc_call(), emit_bpf_tail_call() and build_insn() functions in arch/loongarch/net/bpf_jit.c. A local user can perform a denial of service (DoS) attack.
How to mitigate CVE-2025-38723
Install update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/17c010fe45def335fe03a0718935416b04c7f349
- https://git.kernel.org/stable/c/1a782fa32e644aa9fbae6c8488f3e61221ac96e1
- https://git.kernel.org/stable/c/9262e3e04621558e875eb5afb5e726b648cd5949
- https://git.kernel.org/stable/c/cd39d9e6b7e4c58fa77783e7aedf7ada51d02ea3
- https://git.kernel.org/stable/c/f2b5e50cc04d7a049b385bc1c93b9cbf5f10c94f
- https://git.kernel.org/stable/c/f83d469e16bb1f75991ca67c56786fb2aaa42bea