CVE-2025-37948

MEDIUM

Linux Kernel - Branch History Injection via cBPF Program Exit

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs A malicious BPF program may manipulate the branch history to influence what the hardware speculates will happen next. On exit from a BPF program, emit the BHB mititgation sequence. This is only applied for 'classic' cBPF programs that are loaded by seccomp.

References (9)

Core 9

Core References

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

Patch

https://git.kernel.org/stable/c/c6a8735d841bcb7649734bb3a787bb174c67c0d8

Patch

https://git.kernel.org/stable/c/993f63239c219696aef8887a4e7d3a16bf5a8ece

Patch

https://git.kernel.org/stable/c/8fe5c37b0e08a97cf0210bb75970e945aaaeebab

Patch

https://git.kernel.org/stable/c/42a20cf51011788f04cf2adbcd7681f02bdb6c27

Patch

https://git.kernel.org/stable/c/38c345fd54afd9d6ed8d3fcddf3f6ea23887bf78

Patch

https://git.kernel.org/stable/c/852b8ae934b5cbdc62496fa56ce9969aa2edda7f

Patch

https://git.kernel.org/stable/c/0dfefc2ea2f29ced2416017d7e5b1253a54c2735

Scores

CVSS v3 5.5

EPSS 0.0008

EPSS Percentile 23.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (25)

debian/debian_linux 11.0

linux/Kernel 3.7.0 - 5.10.239linux

linux/Kernel 5.11.0 - 5.15.186linux

linux/Kernel 5.16.0 - 6.1.139linux

linux/Kernel 6.13.0 - 6.14.7linux

linux/Kernel 6.2.0 - 6.6.91linux

linux/Kernel 6.7.0 - 6.12.29linux

Linux/Linux < 3.7

Linux/Linux 0be7320a635c2e434e8b67e0e9474a85ceb421c4 - 0dfefc2ea2f29ced2416017d7e5b1253a54c2735

Linux/Linux 0be7320a635c2e434e8b67e0e9474a85ceb421c4 - 38c345fd54afd9d6ed8d3fcddf3f6ea23887bf78

... and 15 more

Published May 20, 2025

Tracked Since Feb 18, 2026