{"id":"CVE-2025-38586","summary":"bpf, arm64: Fix fp initialization for exception boundary","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Fix fp initialization for exception boundary\n\nIn the ARM64 BPF JIT when prog-\u003eaux-\u003eexception_boundary is set for a BPF\nprogram, find_used_callee_regs() is not called because for a program\nacting as exception boundary, all callee saved registers are saved.\nfind_used_callee_regs() sets `ctx-\u003efp_used = true;` when it sees FP\nbeing used in any of the instructions.\n\nFor programs acting as exception boundary, ctx-\u003efp_used remains false\neven if frame pointer is used by the program and therefore, FP is not\nset-up for such programs in the prologue. This can cause the kernel to\ncrash due to a pagefault.\n\nFix it by setting ctx-\u003efp_used = true for exception boundary programs as\nfp is always saved in such programs.","modified":"2026-04-02T12:48:02.577843Z","published":"2025-08-19T17:03:08.012Z","related":["SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","openSUSE-SU-2025:20081-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38586.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0dbef493cae7d451f740558665893c000adb2321"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1ce30231e0a2c8c361ee5f8f7f265fc17130adce"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b114fcee766d5101eada1aca7bb5fd0a86c89b35"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e23184725dbb72d5d02940222eee36dbba2aa422"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38586.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38586"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"5d4fa9ec5643a5c75d3c1e6abf50fb9284caf1ff"},{"fixed":"0dbef493cae7d451f740558665893c000adb2321"},{"fixed":"e23184725dbb72d5d02940222eee36dbba2aa422"},{"fixed":"1ce30231e0a2c8c361ee5f8f7f265fc17130adce"},{"fixed":"b114fcee766d5101eada1aca7bb5fd0a86c89b35"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38586.json"}}],"schema_version":"1.7.5"}