{"id":"CVE-2025-38607","summary":"bpf: handle jset (if a & b ...) as a jump in CFG computation","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: handle jset (if a & b ...) as a jump in CFG computation\n\nBPF_JSET is a conditional jump and currently verifier.c:can_jump()\ndoes not know about that. This can lead to incorrect live registers\nand SCC computation.\n\nE.g. in the following example:\n\n   1: r0 = 1;\n   2: r2 = 2;\n   3: if r1 & 0x7 goto +1;\n   4: exit;\n   5: r0 = r2;\n   6: exit;\n\nW/o this fix insn_successors(3) will return only (4), a jump to (5)\nwould be missed and r2 won't be marked as alive at (3).","modified":"2026-04-02T12:48:03.300115Z","published":"2025-08-19T17:03:50.947Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38607.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/261b30ad1516f4b9edd500aa6e8d6315c8fc109a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3157f7e2999616ac91f4d559a8566214f74000a5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/65eb166b8636365ad3d6e36d50a7c5edfe6cc66e"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38607.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38607"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"14c8552db64476ffc27c13dc6652fc0dac31c0ba"},{"fixed":"65eb166b8636365ad3d6e36d50a7c5edfe6cc66e"},{"fixed":"261b30ad1516f4b9edd500aa6e8d6315c8fc109a"},{"fixed":"3157f7e2999616ac91f4d559a8566214f74000a5"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38607.json"}}],"schema_version":"1.7.5"}