CVE-2025-37893

5.5 MEDIUM

📋 TL;DR

A Linux kernel vulnerability in the LoongArch BPF JIT compiler causes an off-by-one error in build_prologue() when handling BPF programs with tailcalls. This can lead to kernel hard lockups (system freezes) on affected LoongArch systems. Only systems running a Linux kernel with LoongArch architecture support are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific versions with LoongArch BPF JIT support before the fix commits
Operating Systems: Linux distributions with LoongArch architecture support
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with LoongArch CPU architecture. Requires CONFIG_BPF_JIT and CONFIG_LOONGARCH to be enabled.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system lockup requiring hard reboot, potentially causing denial of service and data loss in critical systems.

🟠 Likely Case: System becomes unresponsive when running specific BPF programs with tailcalls, requiring reboot to restore functionality.

🟢 If Mitigated: No impact if BPF programs with tailcalls are not executed on LoongArch systems.

🌐 Internet-Facing: LOW - Requires local code execution or BPF program loading capability.
🏢 Internal Only: MEDIUM - Could be triggered by legitimate BPF programs or malicious local users with BPF loading privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to load BPF programs with tailcalls on LoongArch systems. Typically requires CAP_BPF or root privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits (205a2182c51ffebaef54d643e3745e720cded08b and related)

Vendor Advisory: https://git.kernel.org/stable/c/205a2182c51ffebaef54d643e3745e720cded08b

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager to update kernel package.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable BPF JIT on LoongArch (Linux)

Disable BPF JIT compilation to prevent the vulnerable code path:

echo 0 > /proc/sys/net/core/bpf_jit_enable

Restrict BPF program loading (Linux)

Limit BPF program loading capabilities to trusted users only:

Use Linux capabilities or SELinux/AppArmor to restrict CAP_BPF

🧯 If You Can't Patch

  • Disable BPF JIT compilation via sysctl
  • Implement strict access controls to prevent untrusted users from loading BPF programs

🔍 How to Verify

Check if Vulnerable:

Check if running on LoongArch architecture and kernel version is before fix commits: uname -m && uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits and test BPF programs with tailcalls no longer cause lockups
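A triage sketch for the checks above, added here as an example and not taken from the kernel project or the advisory: it combines `uname -m` with the `bpf_jit_enable` sysctl from the workaround section. The function names and result strings are made up for illustration, and `kernel.unprivileged_bpf_disabled` is a standard sysctl the page does not name.

```shell
#!/bin/sh
# Added example, not vendor code: triage of the preconditions this page names
# for CVE-2025-37893. It does not detect whether the fix commit is present.

# classify_exposure ARCH JIT_ENABLE
#   ARCH        output of `uname -m`
#   JIT_ENABLE  content of /proc/sys/net/core/bpf_jit_enable ("" if unreadable)
classify_exposure() {
    case $1 in
        loongarch*) ;;                          # only the LoongArch JIT is affected
        *) echo "not-affected-arch"; return 0 ;;
    esac
    case $2 in
        0)   echo "mitigated-jit-disabled" ;;   # interpreter only, JIT path unused
        1|2) echo "check-kernel-version" ;;     # JIT active: patch level decides
        *)   echo "unknown-jit-state" ;;        # sysctl missing or unreadable
    esac
}

# bpf_load_policy VALUE
#   VALUE  content of /proc/sys/kernel/unprivileged_bpf_disabled
bpf_load_policy() {
    case $1 in
        0)   echo "unprivileged-bpf-allowed" ;;
        1|2) echo "privileged-only" ;;
        *)   echo "unknown" ;;
    esac
}

# Print a file's content, or nothing if it is absent or unreadable.
read_value() {
    if [ -r "$1" ]; then cat "$1" 2>/dev/null || true; fi
}

# Report for the local host; paths are the standard procfs sysctl locations.
report_host() {
    arch=$(uname -m)
    jit=$(read_value /proc/sys/net/core/bpf_jit_enable)
    unpriv=$(read_value /proc/sys/kernel/unprivileged_bpf_disabled)
    echo "arch=$arch kernel=$(uname -r)"
    echo "exposure=$(classify_exposure "$arch" "$jit")"
    echo "bpf_load_policy=$(bpf_load_policy "$unpriv")"
}

report_host
```

On kernels built with CONFIG_BPF_JIT_ALWAYS_ON, bpf_jit_enable is fixed at 1 and writing 0 fails, so the sysctl workaround is unavailable there. A value written with echo also does not persist across a reboot unless it is set in the sysctl configuration as well.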

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • System lockup events in syslog
  • BPF program loading failures

Network Indicators:

  • None - local vulnerability only

SIEM Query:

Search for: 'kernel panic' OR 'hard lockup' OR 'BPF' AND 'LoongArch' in system logs
