[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-38279":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":19,"duplicate_of":9,"upstream":20,"downstream":21,"duplicates":98,"related":99,"reserved_at":9,"published_at":111,"modified_at":112,"state":113,"summary":114,"references_raw":123,"kevs":138,"epss":139,"epss_history":142,"metrics":414,"affected":420},"CVE-2025-38279","In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Do not include stack ptr register in precision backtracking bookkeeping\n\nYi Lai reported an issue ([1]) where the following warning appears\nin kernel dmesg:\n  [   60.643604] verifier backtracking bug\n  [   60.643635] WARNING: CPU: 10 PID: 2315 at kernel/bpf/verifier.c:4302 __mark_chain_precision+0x3a6c/0x3e10\n  [   60.648428] Modules linked in: bpf_testmod(OE)\n  [   60.650471] CPU: 10 UID: 0 PID: 2315 Comm: test_progs Tainted: G           OE       6.15.0-rc4-gef11287f8289-dirty #327 PREEMPT(full)\n  [   60.654385] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n  [   60.656682] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n  [   60.660475] RIP: 0010:__mark_chain_precision+0x3a6c/0x3e10\n  [   60.662814] Code: 5a 30 84 89 ea e8 c4 d9 01 00 80 3d 3e 7d d8 04 00 0f 85 60 fa ff ff c6 05 31 7d d8 04\n                       01 48 c7 c7 00 58 30 84 e8 c4 06 a5 ff \u003C0f> 0b e9 46 fa ff ff 48 ...\n  [   60.668720] RSP: 0018:ffff888116cc7298 EFLAGS: 00010246\n  [   60.671075] RAX: 54d70e82dfd31900 RBX: ffff888115b65e20 RCX: 0000000000000000\n  [   60.673659] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 00000000ffffffff\n  [   60.676241] RBP: 0000000000000400 R08: ffff8881f6f23bd3 R09: 1ffff1103ede477a\n  [   60.678787] R10: dffffc0000000000 R11: ffffed103ede477b R12: ffff888115b60ae8\n  [   60.681420] R13: 1ffff11022b6cbc4 R14: 00000000fffffff2 R15: 0000000000000001\n  [   60.684030] FS:  00007fc2aedd80c0(0000) GS:ffff88826fa8a000(0000) knlGS:0000000000000000\n  [   60.686837] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  [   60.689027] CR2: 000056325369e000 CR3: 000000011088b002 CR4: 0000000000370ef0\n  [   60.691623] Call Trace:\n  [   60.692821]  \u003CTASK>\n  [   60.693960]  ? __pfx_verbose+0x10/0x10\n  [   60.695656]  ? __pfx_disasm_kfunc_name+0x10/0x10\n  [   60.697495]  check_cond_jmp_op+0x16f7/0x39b0\n  [   60.699237]  do_check+0x58fa/0xab10\n  ...\n\nFurther analysis shows the warning is at line 4302 as below:\n\n  4294                 /* static subprog call instruction, which\n  4295                  * means that we are exiting current subprog,\n  4296                  * so only r1-r5 could be still requested as\n  4297                  * precise, r0 and r6-r10 or any stack slot in\n  4298                  * the current frame should be zero by now\n  4299                  */\n  4300                 if (bt_reg_mask(bt) & ~BPF_REGMASK_ARGS) {\n  4301                         verbose(env, \"BUG regs %x\\n\", bt_reg_mask(bt));\n  4302                         WARN_ONCE(1, \"verifier backtracking bug\");\n  4303                         return -EFAULT;\n  4304                 }\n\nWith the below test (also in the next patch):\n  __used __naked static void __bpf_jmp_r10(void)\n  {\n\tasm volatile (\n\t\"r2 = 2314885393468386424 ll;\"\n\t\"goto +0;\"\n\t\"if r2 \u003C= r10 goto +3;\"\n\t\"if r1 >= -1835016 goto +0;\"\n\t\"if r2 \u003C= 8 goto +0;\"\n\t\"if r3 \u003C= 0 goto +0;\"\n\t\"exit;\"\n\t::: __clobber_all);\n  }\n\n  SEC(\"?raw_tp\")\n  __naked void bpf_jmp_r10(void)\n  {\n\tasm volatile (\n\t\"r3 = 0 ll;\"\n\t\"call __bpf_jmp_r10;\"\n\t\"r0 = 0;\"\n\t\"exit;\"\n\t::: __clobber_all);\n  }\n\nThe following is the verifier failure log:\n  0: (18) r3 = 0x0                      ; R3_w=0\n  2: (85) call pc+2\n  caller:\n   R10=fp0\n  callee:\n   frame1: R1=ctx() R3_w=0 R10=fp0\n  5: frame1: R1=ctx() R3_w=0 R10=fp0\n  ; asm volatile (\"                                 \\ @ verifier_precision.c:184\n  5: (18) r2 = 0x20202000256c6c78       ; frame1: R2_w=0x20202000256c6c78\n  7: (05) goto pc+0\n  8: (bd) if r2 \u003C= r10 goto pc+3        ; frame1: R2_w=0x20202000256c6c78 R10=fp0\n  9: (35) if r1 >= 0xffe3fff8 goto pc+0         ; frame1: R1=ctx()\n  10: (b5) if r2 \u003C= 0x8 goto pc+0\n  mark_precise: frame1: last_idx 10 first_idx 0 subseq_idx -1\n  mark_precise: frame1: regs=r2 stack= before 9: (35) if r1 >= 0xffe3fff8 goto pc+0\n  mark_precise: frame1: regs=r2 stack= before 8: (bd) if r2 \u003C= r10 goto pc+3\n  mark_preci\n---truncated---",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[],[],[],[22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96],{"_key":23},"SUSE-SU-2025:02853-1",{"_key":25},"SUSE-SU-2025:02923-1",{"_key":27},"USN-7770-1",{"_key":29},"USN-7789-2",{"_key":31},"SUSE-SU-2025:02969-1",{"_key":33},"SUSE-SU-2025:03023-1",{"_key":35},"SUSE-SU-2025:02997-1",{"_key":37},"SUSE-SU-2025:03011-1",{"_key":39},"SUSE-SU-2025:20577-1",{"_key":41},"SUSE-SU-2025:20586-1",{"_key":43},"SUSE-SU-2025:20601-1",{"_key":45},"SUSE-SU-2025:20602-1",{"_key":47},"SUSE-SU-2025:02996-1",{"_key":49},"DEBIAN-CVE-2025-38279",{"_key":51},"USN-8028-1",{"_key":53},"USN-8028-2",{"_key":55},"USN-8028-3",{"_key":57},"USN-8028-4",{"_key":59},"USN-8028-5",{"_key":61},"USN-8028-6",{"_key":63},"USN-8028-7",{"_key":65},"USN-8028-8",{"_key":67},"USN-8031-1",{"_key":69},"USN-8031-2",{"_key":71},"USN-8031-3",{"_key":73},"USN-8052-1",{"_key":75},"USN-8052-2",{"_key":77},"USN-8074-1",{"_key":79},"USN-8074-2",{"_key":81},"USN-8126-1",{"_key":83},"RHSA-2026:18587",{"_key":85},"RHSA-2026:18134",{"_key":87},"USN-7769-1",{"_key":89},"USN-7769-2",{"_key":91},"USN-7769-3",{"_key":93},"USN-7771-1",{"_key":95},"USN-7789-1",{"_key":97},"UBUNTU-CVE-2025-38279",[],[100,101,102,103,104,105,106,107,108,109,110],{"_key":23},{"_key":25},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},"2025-07-10T07:41:58.184Z","2026-05-23T15:59:20.262Z","Analyzed",{"cisa_kev":115,"cisa_ransomware":115,"cisa_vendor":9,"epss_severity":116,"epss_score":117,"severity":118,"severity_score":119,"severity_version":120,"severity_source":121,"severity_vector":122,"severity_status":113},false,"low",0.00051,"high",7.8,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[124,130,134],{"url":125,"sources":126,"tags":128},"https://git.kernel.org/stable/c/4265682c29c92f52c0da6fad5a79b5801462c8de",[127,121],"cve.org",[129],"Patch",{"url":131,"sources":132,"tags":133},"https://git.kernel.org/stable/c/ac49b7560b4b08b1e4043a29214cc7ad77644c00",[127,121],[129],{"url":135,"sources":136,"tags":137},"https://git.kernel.org/stable/c/e2d2115e56c4a02377189bfc3a9a7933552a7b0f",[127,121],[129],[],{"date":140,"score":117,"percentile":141},"2026-06-04",0.16261,[143,147,150,153,156,159,163,166,169,172,175,178,181,184,187,191,194,197,200,203,206,209,212,215,218,221,224,227,230,232,234,237,240,244,248,251,254,257,260,263,266,269,272,275,278,282,285,288,291,294,297,300,303,306,309,312,315,318,321,324,327,329,332,335,338,341,344,346,349,352,355,358,361,364,366,368,371,374,377,380,383,386,389,392,395,399,402,405,408,411],{"date":144,"score":145,"percentile":146},"2025-11-04",0.00031,0.07788,{"date":148,"score":145,"percentile":149},"2025-11-05",0.07842,{"date":151,"score":145,"percentile":152},"2025-11-06",0.07953,{"date":154,"score":145,"percentile":155},"2025-11-07",0.07987,{"date":157,"score":145,"percentile":158},"2025-11-08",0.08004,{"date":160,"score":161,"percentile":162},"2025-11-09",0.0004,0.11788,{"date":164,"score":161,"percentile":165},"2025-11-10",0.11732,{"date":167,"score":161,"percentile":168},"2025-11-11",0.11758,{"date":170,"score":161,"percentile":171},"2025-11-12",0.11785,{"date":173,"score":161,"percentile":174},"2025-11-13",0.11811,{"date":176,"score":161,"percentile":177},"2025-11-14",0.11824,{"date":179,"score":161,"percentile":180},"2025-11-15",0.11825,{"date":182,"score":161,"percentile":183},"2025-11-16",0.11819,{"date":185,"score":161,"percentile":186},"2025-11-17",0.11794,{"date":188,"score":189,"percentile":190},"2025-11-18",0.00032,0.05018,{"date":192,"score":189,"percentile":193},"2025-11-19",0.05052,{"date":195,"score":189,"percentile":196},"2025-11-20",0.05102,{"date":198,"score":161,"percentile":199},"2025-11-21",0.11821,{"date":201,"score":161,"percentile":202},"2025-11-22",0.11829,{"date":204,"score":161,"percentile":205},"2025-11-23",0.11823,{"date":207,"score":161,"percentile":208},"2025-11-24",0.11773,{"date":210,"score":161,"percentile":211},"2025-11-25",0.11778,{"date":213,"score":161,"percentile":214},"2025-11-26",0.1177,{"date":216,"score":161,"percentile":217},"2025-11-27",0.11776,{"date":219,"score":161,"percentile":220},"2025-11-28",0.11767,{"date":222,"score":161,"percentile":223},"2025-11-29",0.11723,{"date":225,"score":161,"percentile":226},"2025-11-30",0.11724,{"date":228,"score":161,"percentile":229},"2025-12-01",0.11759,{"date":231,"score":161,"percentile":220},"2025-12-02",{"date":233,"score":161,"percentile":217},"2025-12-03",{"date":235,"score":161,"percentile":236},"2025-12-04",0.11762,{"date":238,"score":161,"percentile":239},"2025-12-05",0.11803,{"date":241,"score":242,"percentile":243},"2025-12-06",0.00026,0.06277,{"date":245,"score":246,"percentile":247},"2025-12-07",0.00025,0.05892,{"date":249,"score":246,"percentile":250},"2025-12-08",0.05905,{"date":252,"score":246,"percentile":253},"2025-12-09",0.05966,{"date":255,"score":246,"percentile":256},"2025-12-10",0.06035,{"date":258,"score":246,"percentile":259},"2025-12-11",0.06038,{"date":261,"score":246,"percentile":262},"2025-12-12",0.0605,{"date":264,"score":246,"percentile":265},"2025-12-13",0.0609,{"date":267,"score":246,"percentile":268},"2025-12-14",0.06065,{"date":270,"score":246,"percentile":271},"2025-12-15",0.06048,{"date":273,"score":246,"percentile":274},"2025-12-16",0.06072,{"date":276,"score":246,"percentile":277},"2025-12-17",0.06152,{"date":279,"score":280,"percentile":281},"2025-12-18",0.0003,0.07966,{"date":283,"score":280,"percentile":284},"2025-12-19",0.07954,{"date":286,"score":280,"percentile":287},"2025-12-20",0.0794,{"date":289,"score":280,"percentile":290},"2025-12-21",0.0791,{"date":292,"score":280,"percentile":293},"2025-12-22",0.07865,{"date":295,"score":280,"percentile":296},"2025-12-23",0.07876,{"date":298,"score":280,"percentile":299},"2025-12-24",0.07895,{"date":301,"score":280,"percentile":302},"2025-12-25",0.07971,{"date":304,"score":280,"percentile":305},"2025-12-26",0.0798,{"date":307,"score":280,"percentile":308},"2025-12-27",0.07968,{"date":310,"score":280,"percentile":311},"2025-12-28",0.07974,{"date":313,"score":280,"percentile":314},"2025-12-29",0.07955,{"date":316,"score":280,"percentile":317},"2025-12-30",0.07931,{"date":319,"score":280,"percentile":320},"2025-12-31",0.07963,{"date":322,"score":280,"percentile":323},"2026-01-01",0.08031,{"date":325,"score":280,"percentile":326},"2026-01-02",0.08035,{"date":328,"score":280,"percentile":326},"2026-01-03",{"date":330,"score":280,"percentile":331},"2026-01-04",0.0797,{"date":333,"score":280,"percentile":334},"2026-01-05",0.07918,{"date":336,"score":280,"percentile":337},"2026-01-06",0.07907,{"date":339,"score":280,"percentile":340},"2026-01-07",0.07941,{"date":342,"score":280,"percentile":343},"2026-01-08",0.08018,{"date":345,"score":280,"percentile":323},"2026-01-09",{"date":347,"score":280,"percentile":348},"2026-01-10",0.0805,{"date":350,"score":280,"percentile":351},"2026-01-11",0.08037,{"date":353,"score":280,"percentile":354},"2026-01-12",0.08013,{"date":356,"score":280,"percentile":357},"2026-01-13",0.07984,{"date":359,"score":280,"percentile":360},"2026-01-14",0.08014,{"date":362,"score":280,"percentile":363},"2026-01-15",0.08015,{"date":365,"score":280,"percentile":351},"2026-01-16",{"date":367,"score":280,"percentile":348},"2026-01-17",{"date":369,"score":280,"percentile":370},"2026-01-18",0.08028,{"date":372,"score":280,"percentile":373},"2026-01-19",0.07988,{"date":375,"score":280,"percentile":376},"2026-01-20",0.07948,{"date":378,"score":280,"percentile":379},"2026-01-21",0.07933,{"date":381,"score":280,"percentile":382},"2026-01-22",0.07917,{"date":384,"score":280,"percentile":385},"2026-01-23",0.08009,{"date":387,"score":280,"percentile":388},"2026-01-24",0.08065,{"date":390,"score":280,"percentile":391},"2026-01-25",0.08042,{"date":393,"score":280,"percentile":394},"2026-01-26",0.08003,{"date":396,"score":397,"percentile":398},"2026-01-27",0.00012,0.01364,{"date":400,"score":397,"percentile":401},"2026-01-28",0.01363,{"date":403,"score":397,"percentile":404},"2026-01-29",0.01374,{"date":406,"score":397,"percentile":407},"2026-01-30",0.01378,{"date":409,"score":397,"percentile":410},"2026-01-31",0.01393,{"date":412,"score":397,"percentile":413},"2026-02-01",0.01417,[415],{"source":121,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":416,"cvss_v4_0":9},{"baseScore":119,"baseSeverity":417,"vectorString":122,"impactScore":418,"exploitabilityScore":419},"HIGH",9.8,4.6,[421,446],{"ecosystem":9,"name":422,"vendor":423,"product":423,"cpe_part":424,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":425},"Linux","linux","a",[426,433,436,439,441,445],{"version":427,"is_range":428,"range_type":127,"version_start":429,"version_start_type":430,"version_end":431,"version_end_type":432,"fixed_in":9},">= 407958a0e980b9e1842ab87b5a1040521e1e24e9, \u003C 4265682c29c92f52c0da6fad5a79b5801462c8de",true,"407958a0e980b9e1842ab87b5a1040521e1e24e9","including","4265682c29c92f52c0da6fad5a79b5801462c8de","excluding",{"version":434,"is_range":428,"range_type":127,"version_start":429,"version_start_type":430,"version_end":435,"version_end_type":432,"fixed_in":9},">= 407958a0e980b9e1842ab87b5a1040521e1e24e9, \u003C ac49b7560b4b08b1e4043a29214cc7ad77644c00","ac49b7560b4b08b1e4043a29214cc7ad77644c00",{"version":437,"is_range":428,"range_type":127,"version_start":429,"version_start_type":430,"version_end":438,"version_end_type":432,"fixed_in":9},">= 407958a0e980b9e1842ab87b5a1040521e1e24e9, \u003C e2d2115e56c4a02377189bfc3a9a7933552a7b0f","e2d2115e56c4a02377189bfc3a9a7933552a7b0f",{"version":440,"is_range":115,"range_type":127,"version_start":440,"version_start_type":430,"version_end":440,"version_end_type":430,"fixed_in":9},"fc2778c42f99c7de52fc004157b3c3ee4dcc208a",{"version":442,"is_range":428,"range_type":127,"version_start":443,"version_start_type":430,"version_end":444,"version_end_type":432,"fixed_in":9},">= 6.4.4, \u003C 6.5","6.4.4","6.5",{"version":444,"is_range":115,"range_type":127,"version_start":444,"version_start_type":430,"version_end":444,"version_end_type":430,"fixed_in":9},{"ecosystem":9,"name":447,"vendor":423,"product":448,"cpe_part":449,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":450},"linux kernel","linux_kernel","o",[451,455],{"version":452,"is_range":428,"range_type":453,"version_start":443,"version_start_type":430,"version_end":454,"version_end_type":432,"fixed_in":9},"gte6.4.4_lt6.12.37","cpe","6.12.37",{"version":456,"is_range":428,"range_type":453,"version_start":457,"version_start_type":430,"version_end":458,"version_end_type":432,"fixed_in":9},"gte6.13_lt6.15.3","6.13","6.15.3"]