#VU112836 Resource management error in Linux kernel - CVE-2025-38285


Vulnerability identifier: #VU112836

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38285

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the get_bpf_raw_tp_regs() function in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/147ea936fc6fa8fe0c93f0df918803a5375ca535
https://git.kernel.org/stable/c/18e8cbbae79cb35bdce8a01c889827b9799c762e
https://git.kernel.org/stable/c/3880cdbed1c4607e378f58fa924c5d6df900d1d3
https://git.kernel.org/stable/c/44ebe361abb322d2afd77930fa767a99f271c4d1
https://git.kernel.org/stable/c/6d8f39875a10a194051c3eaefebc7ac06a34aaf3
https://git.kernel.org/stable/c/c98cdf6795a36bca163ebb40411fef1687b9eb13
https://git.kernel.org/stable/c/e167414beabb1e941fe563a96becc98627d5bdf6
https://git.kernel.org/stable/c/ee90be48edb3dac612e0b7f5332482a9e8be2696

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


openEuler 22.03 LTS SP3 update for kernel
openEuler 22.03 LTS SP4 update for kernel
Anolis OS update for kernel:6.6
Ubuntu update for linux-raspi
Ubuntu update for linux-nvidia-tegra-igx
Ubuntu update for linux-kvm
Ubuntu update for linux-oracle-6.14
Ubuntu update for linux-azure-5.15
Ubuntu update for linux-aws-6.14
Ubuntu update for linux-azure