[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-38591":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":19,"duplicate_of":9,"upstream":20,"downstream":21,"duplicates":104,"related":105,"reserved_at":9,"published_at":124,"modified_at":125,"state":126,"summary":127,"references_raw":136,"kevs":163,"epss":164,"epss_history":167,"metrics":441,"affected":447},"CVE-2025-38591","In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Reject narrower access to pointer ctx fields\n\nThe following BPF program, simplified from a syzkaller repro, causes a\nkernel warning:\n\n    r0 = *(u8 *)(r1 + 169);\n    exit;\n\nWith pointer field sk being at offset 168 in __sk_buff. This access is\ndetected as a narrower read in bpf_skb_is_valid_access because it\ndoesn't match offsetof(struct __sk_buff, sk). It is therefore allowed\nand later proceeds to bpf_convert_ctx_access. Note that for the\n\"is_narrower_load\" case in the convert_ctx_accesses(), the insn->off\nis aligned, so the cnt may not be 0 because it matches the\noffsetof(struct __sk_buff, sk) in the bpf_convert_ctx_access. However,\nthe target_size stays 0 and the verifier errors with a kernel warning:\n\n    verifier bug: error during ctx access conversion(1)\n\nThis patch fixes that to return a proper \"invalid bpf_context access\noff=X size=Y\" error on the load instruction.\n\nThe same issue affects multiple other fields in context structures that\nallow narrow access. Some other non-affected fields (for sk_msg,\nsk_lookup, and sockopt) were also changed to use bpf_ctx_range_ptr for\nconsistency.\n\nNote this syzkaller crash was reported in the \"Closes\" link below, which\nused to be about a different bug, fixed in\ncommit fce7bd8e385a (\"bpf/verifier: Handle BPF_LOAD_ACQ instructions\nin insn_def_regno()\"). Because syzbot somehow confused the two bugs,\nthe new crash and repro didn't get reported to the mailing list.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[],[],[],[22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102],{"_key":23},"SUSE-SU-2025:03301-1",{"_key":25},"DLA-4476-1",{"_key":27},"DLA-4475-1",{"_key":29},"DSA-6126-1",{"_key":31},"DSA-6127-1",{"_key":33},"SUSE-SU-2025:03290-1",{"_key":35},"SUSE-SU-2025:03382-1",{"_key":37},"SUSE-SU-2025:03602-1",{"_key":39},"SUSE-SU-2025:03633-1",{"_key":41},"SUSE-SU-2025:20653-1",{"_key":43},"SUSE-SU-2025:20669-1",{"_key":45},"SUSE-SU-2025:20739-1",{"_key":47},"SUSE-SU-2025:20756-1",{"_key":49},"SUSE-SU-2025:21074-1",{"_key":51},"SUSE-SU-2025:21139-1",{"_key":53},"SUSE-SU-2025:21179-1",{"_key":55},"SUSE-SU-2026:0473-1",{"_key":57},"SUSE-SU-2025:03272-1",{"_key":59},"SUSE-SU-2025:03634-1",{"_key":61},"OPENSUSE-SU-2025:20081-1",{"_key":63},"DEBIAN-CVE-2025-38591",{"_key":65},"USN-8162-1",{"_key":67},"USN-8180-1",{"_key":69},"USN-8180-2",{"_key":71},"USN-8180-3",{"_key":73},"USN-8180-4",{"_key":75},"USN-8180-5",{"_key":77},"USN-8186-1",{"_key":79},"USN-8187-1",{"_key":81},"USN-8188-1",{"_key":83},"USN-8243-1",{"_key":85},"USN-8180-6",{"_key":87},"USN-8275-1",{"_key":89},"USN-8278-1",{"_key":91},"USN-8289-1",{"_key":93},"USN-8296-1",{"_key":95},"USN-8297-1",{"_key":97},"UBUNTU-CVE-2025-38591",{"_key":99},"USN-8278-2",{"_key":101},"USN-8289-2",{"_key":103},"USN-8296-2",[],[106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122],{"_key":23},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":123},"CGA-HF9W-F84G-WM76","2025-08-19T17:03:12.508Z","2026-05-11T21:31:12.628Z","Analyzed",{"cisa_kev":128,"cisa_ransomware":128,"cisa_vendor":9,"epss_severity":129,"epss_score":130,"severity":131,"severity_score":132,"severity_version":133,"severity_source":134,"severity_vector":135,"severity_status":126},false,"low",0.00014,"medium",5.5,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",[137,143,147,151,155,159],{"url":138,"sources":139,"tags":141},"https://git.kernel.org/stable/c/058a0da4f6d916a79b693384111bb80a90d73763",[140,134],"cve.org",[142],"Patch",{"url":144,"sources":145,"tags":146},"https://git.kernel.org/stable/c/202900ceeef67458c964c2af6e1427c8e533ea7c",[140,134],[142],{"url":148,"sources":149,"tags":150},"https://git.kernel.org/stable/c/e09299225d5ba3916c91ef70565f7d2187e4cca0",[140,134],[142],{"url":152,"sources":153,"tags":154},"https://git.kernel.org/stable/c/7847c4140e06f6e87229faae22cc38525334c156",[140,134],[142],{"url":156,"sources":157,"tags":158},"https://git.kernel.org/stable/c/feae34c992eb7191862fb1594c704fbbf650fef8",[140,134],[142],{"url":160,"sources":161,"tags":162},"https://git.kernel.org/stable/c/33660d44e789edb4f303210c813fc56d56377a90",[140,134],[142],[],{"date":165,"score":130,"percentile":166},"2026-06-03",0.02656,[168,172,175,178,181,184,187,190,193,196,199,202,205,208,211,214,217,220,223,226,229,232,235,238,242,245,248,251,254,257,260,263,266,269,272,275,278,281,284,287,290,293,296,298,301,304,308,311,314,317,320,323,326,329,332,335,338,341,344,347,350,353,356,359,362,365,368,371,374,377,380,383,386,390,393,396,399,401,404,407,410,413,416,419,422,426,429,432,435,438],{"date":169,"score":170,"percentile":171},"2025-11-04",0.00027,0.06391,{"date":173,"score":170,"percentile":174},"2025-11-05",0.06415,{"date":176,"score":170,"percentile":177},"2025-11-06",0.06525,{"date":179,"score":170,"percentile":180},"2025-11-07",0.06535,{"date":182,"score":170,"percentile":183},"2025-11-08",0.06533,{"date":185,"score":170,"percentile":186},"2025-11-09",0.06514,{"date":188,"score":170,"percentile":189},"2025-11-10",0.06491,{"date":191,"score":170,"percentile":192},"2025-11-11",0.06517,{"date":194,"score":170,"percentile":195},"2025-11-12",0.06557,{"date":197,"score":170,"percentile":198},"2025-11-13",0.06594,{"date":200,"score":170,"percentile":201},"2025-11-14",0.0662,{"date":203,"score":170,"percentile":204},"2025-11-15",0.06649,{"date":206,"score":170,"percentile":207},"2025-11-16",0.06661,{"date":209,"score":170,"percentile":210},"2025-11-17",0.0666,{"date":212,"score":170,"percentile":213},"2025-11-18",0.03993,{"date":215,"score":170,"percentile":216},"2025-11-19",0.04036,{"date":218,"score":170,"percentile":219},"2025-11-20",0.04092,{"date":221,"score":170,"percentile":222},"2025-11-21",0.06786,{"date":224,"score":170,"percentile":225},"2025-11-22",0.06769,{"date":227,"score":170,"percentile":228},"2025-11-23",0.06753,{"date":230,"score":170,"percentile":231},"2025-11-24",0.06735,{"date":233,"score":170,"percentile":234},"2025-11-25",0.06736,{"date":236,"score":170,"percentile":237},"2025-11-26",0.06739,{"date":239,"score":240,"percentile":241},"2025-11-27",0.00019,0.03971,{"date":243,"score":240,"percentile":244},"2025-11-28",0.03967,{"date":246,"score":240,"percentile":247},"2025-11-29",0.04013,{"date":249,"score":240,"percentile":250},"2025-11-30",0.04025,{"date":252,"score":240,"percentile":253},"2025-12-01",0.04118,{"date":255,"score":240,"percentile":256},"2025-12-02",0.04133,{"date":258,"score":240,"percentile":259},"2025-12-03",0.0415,{"date":261,"score":240,"percentile":262},"2025-12-04",0.04094,{"date":264,"score":240,"percentile":265},"2025-12-05",0.04156,{"date":267,"score":240,"percentile":268},"2025-12-06",0.04172,{"date":270,"score":240,"percentile":271},"2025-12-07",0.04176,{"date":273,"score":240,"percentile":274},"2025-12-08",0.04184,{"date":276,"score":240,"percentile":277},"2025-12-09",0.04233,{"date":279,"score":240,"percentile":280},"2025-12-10",0.04275,{"date":282,"score":240,"percentile":283},"2025-12-11",0.04272,{"date":285,"score":240,"percentile":286},"2025-12-12",0.04289,{"date":288,"score":240,"percentile":289},"2025-12-13",0.04318,{"date":291,"score":240,"percentile":292},"2025-12-14",0.04304,{"date":294,"score":240,"percentile":295},"2025-12-15",0.04261,{"date":297,"score":240,"percentile":283},"2025-12-16",{"date":299,"score":240,"percentile":300},"2025-12-17",0.04325,{"date":302,"score":240,"percentile":303},"2025-12-18",0.04357,{"date":305,"score":306,"percentile":307},"2025-12-19",0.00025,0.06099,{"date":309,"score":306,"percentile":310},"2025-12-20",0.06091,{"date":312,"score":306,"percentile":313},"2025-12-21",0.0608,{"date":315,"score":306,"percentile":316},"2025-12-22",0.06041,{"date":318,"score":306,"percentile":319},"2025-12-23",0.06053,{"date":321,"score":306,"percentile":322},"2025-12-24",0.06085,{"date":324,"score":306,"percentile":325},"2025-12-25",0.06136,{"date":327,"score":306,"percentile":328},"2025-12-26",0.06128,{"date":330,"score":306,"percentile":331},"2025-12-27",0.06126,{"date":333,"score":306,"percentile":334},"2025-12-28",0.0612,{"date":336,"score":306,"percentile":337},"2025-12-29",0.06102,{"date":339,"score":306,"percentile":340},"2025-12-30",0.06084,{"date":342,"score":306,"percentile":343},"2025-12-31",0.06143,{"date":345,"score":306,"percentile":346},"2026-01-01",0.0621,{"date":348,"score":306,"percentile":349},"2026-01-02",0.06205,{"date":351,"score":306,"percentile":352},"2026-01-03",0.06186,{"date":354,"score":306,"percentile":355},"2026-01-04",0.061,{"date":357,"score":306,"percentile":358},"2026-01-05",0.06048,{"date":360,"score":306,"percentile":361},"2026-01-06",0.06054,{"date":363,"score":306,"percentile":364},"2026-01-07",0.06074,{"date":366,"score":306,"percentile":367},"2026-01-08",0.06135,{"date":369,"score":306,"percentile":370},"2026-01-09",0.06131,{"date":372,"score":306,"percentile":373},"2026-01-10",0.06133,{"date":375,"score":306,"percentile":376},"2026-01-11",0.06139,{"date":378,"score":306,"percentile":379},"2026-01-12",0.06119,{"date":381,"score":306,"percentile":382},"2026-01-13",0.06106,{"date":384,"score":306,"percentile":385},"2026-01-14",0.06154,{"date":387,"score":388,"percentile":389},"2026-01-15",0.00016,0.02828,{"date":391,"score":388,"percentile":392},"2026-01-16",0.02568,{"date":394,"score":388,"percentile":395},"2026-01-17",0.02571,{"date":397,"score":388,"percentile":398},"2026-01-18",0.02576,{"date":400,"score":388,"percentile":392},"2026-01-19",{"date":402,"score":388,"percentile":403},"2026-01-20",0.02554,{"date":405,"score":388,"percentile":406},"2026-01-21",0.02546,{"date":408,"score":388,"percentile":409},"2026-01-22",0.02543,{"date":411,"score":130,"percentile":412},"2026-01-23",0.01979,{"date":414,"score":130,"percentile":415},"2026-01-24",0.01989,{"date":417,"score":130,"percentile":418},"2026-01-25",0.01982,{"date":420,"score":130,"percentile":421},"2026-01-26",0.0198,{"date":423,"score":424,"percentile":425},"2026-01-27",0.00017,0.03052,{"date":427,"score":424,"percentile":428},"2026-01-28",0.03055,{"date":430,"score":424,"percentile":431},"2026-01-29",0.03079,{"date":433,"score":424,"percentile":434},"2026-01-30",0.03082,{"date":436,"score":424,"percentile":437},"2026-01-31",0.03103,{"date":439,"score":424,"percentile":440},"2026-02-01",0.03176,[442],{"source":134,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":443,"cvss_v4_0":9},{"baseScore":132,"baseSeverity":444,"vectorString":135,"impactScore":445,"exploitabilityScore":446},"MEDIUM",6,4.6,[448,477],{"ecosystem":9,"name":449,"vendor":450,"product":450,"cpe_part":451,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":452},"Linux","linux","a",[453,460,463,466,469,472,475],{"version":454,"is_range":455,"range_type":140,"version_start":456,"version_start_type":457,"version_end":458,"version_end_type":459,"fixed_in":9},">= f96da09473b52c09125cc9bf7d7d4576ae8229e0, \u003C 7847c4140e06f6e87229faae22cc38525334c156",true,"f96da09473b52c09125cc9bf7d7d4576ae8229e0","including","7847c4140e06f6e87229faae22cc38525334c156","excluding",{"version":461,"is_range":455,"range_type":140,"version_start":456,"version_start_type":457,"version_end":462,"version_end_type":459,"fixed_in":9},">= f96da09473b52c09125cc9bf7d7d4576ae8229e0, \u003C feae34c992eb7191862fb1594c704fbbf650fef8","feae34c992eb7191862fb1594c704fbbf650fef8",{"version":464,"is_range":455,"range_type":140,"version_start":456,"version_start_type":457,"version_end":465,"version_end_type":459,"fixed_in":9},">= f96da09473b52c09125cc9bf7d7d4576ae8229e0, \u003C 33660d44e789edb4f303210c813fc56d56377a90","33660d44e789edb4f303210c813fc56d56377a90",{"version":467,"is_range":455,"range_type":140,"version_start":456,"version_start_type":457,"version_end":468,"version_end_type":459,"fixed_in":9},">= f96da09473b52c09125cc9bf7d7d4576ae8229e0, \u003C 058a0da4f6d916a79b693384111bb80a90d73763","058a0da4f6d916a79b693384111bb80a90d73763",{"version":470,"is_range":455,"range_type":140,"version_start":456,"version_start_type":457,"version_end":471,"version_end_type":459,"fixed_in":9},">= f96da09473b52c09125cc9bf7d7d4576ae8229e0, \u003C 202900ceeef67458c964c2af6e1427c8e533ea7c","202900ceeef67458c964c2af6e1427c8e533ea7c",{"version":473,"is_range":455,"range_type":140,"version_start":456,"version_start_type":457,"version_end":474,"version_end_type":459,"fixed_in":9},">= f96da09473b52c09125cc9bf7d7d4576ae8229e0, \u003C e09299225d5ba3916c91ef70565f7d2187e4cca0","e09299225d5ba3916c91ef70565f7d2187e4cca0",{"version":476,"is_range":128,"range_type":140,"version_start":476,"version_start_type":457,"version_end":476,"version_end_type":457,"fixed_in":9},"4.13",{"ecosystem":9,"name":478,"vendor":450,"product":479,"cpe_part":480,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":481},"linux kernel","linux_kernel","o",[482],{"version":483,"is_range":455,"range_type":484,"version_start":476,"version_start_type":457,"version_end":485,"version_end_type":459,"fixed_in":9},"gte4.13_lt6.16.1","cpe","6.16.1"]