{"id":"CVE-2025-38723","summary":"LoongArch: BPF: Fix jump offset calculation in tailcall","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: BPF: Fix jump offset calculation in tailcall\n\nThe extra pass of bpf_int_jit_compile() skips JIT context initialization\nwhich essentially skips offset calculation leaving out_offset = -1, so\nthe jmp_offset in emit_bpf_tail_call is calculated by\n\n\"#define jmp_offset (out_offset - (cur_offset))\"\n\nis a negative number, which is wrong. The final generated assembly are\nas follow.\n\n54:\tbgeu        \t$a2, $t1, -8\t    # 0x0000004c\n58:\taddi.d      \t$a6, $s5, -1\n5c:\tbltz        \t$a6, -16\t    # 0x0000004c\n60:\talsl.d      \t$t2, $a2, $a1, 0x3\n64:\tld.d        \t$t2, $t2, 264\n68:\tbeq         \t$t2, $zero, -28\t    # 0x0000004c\n\nBefore apply this patch, the follow test case will reveal soft lock issues.\n\ncd tools/testing/selftests/bpf/\n./test_progs --allow=tailcalls/tailcall_bpf2bpf_1\n\ndmesg:\nwatchdog: BUG: soft lockup - CPU#2 stuck for 26s! [test_progs:25056]","modified":"2026-04-16T04:41:23.056828735Z","published":"2025-09-04T15:33:16.547Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38723.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/17c010fe45def335fe03a0718935416b04c7f349"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1a782fa32e644aa9fbae6c8488f3e61221ac96e1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9262e3e04621558e875eb5afb5e726b648cd5949"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cd39d9e6b7e4c58fa77783e7aedf7ada51d02ea3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f2b5e50cc04d7a049b385bc1c93b9cbf5f10c94f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f83d469e16bb1f75991ca67c56786fb2aaa42bea"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38723.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38723"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"5dc615520c4dfb358245680f1904bad61116648e"},{"fixed":"1a782fa32e644aa9fbae6c8488f3e61221ac96e1"},{"fixed":"17c010fe45def335fe03a0718935416b04c7f349"},{"fixed":"f83d469e16bb1f75991ca67c56786fb2aaa42bea"},{"fixed":"f2b5e50cc04d7a049b385bc1c93b9cbf5f10c94f"},{"fixed":"9262e3e04621558e875eb5afb5e726b648cd5949"},{"fixed":"cd39d9e6b7e4c58fa77783e7aedf7ada51d02ea3"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38723.json"}}],"schema_version":"1.7.5"}