CVE-2025-37948

5.5 MEDIUM

📋 TL;DR

This CVE addresses a speculative execution vulnerability in the Linux kernel's classic BPF (cBPF) implementation on ARM64 systems. A malicious BPF program loaded via seccomp could manipulate branch history to influence hardware speculation, potentially leading to information disclosure. Only systems running Linux kernel on ARM64 architecture with seccomp loading cBPF programs are affected.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Specific affected versions not specified in CVE, but likely affects multiple stable kernel versions before the fix commits.
Operating Systems: Linux distributions running on ARM64 architecture
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects ARM64 systems using classic BPF (cBPF) programs loaded via seccomp. eBPF programs are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Information disclosure through speculative execution side-channels, potentially leaking sensitive kernel memory or process data to unprivileged attackers.

🟠

Likely Case

Limited information disclosure requiring local access and ability to load malicious BPF programs via seccomp, with exploitation requiring significant technical expertise.

🟢

If Mitigated

Minimal impact if systems are properly patched or don't use seccomp with cBPF programs on ARM64.

🌐 Internet-Facing: LOW - This is a local vulnerability; exploitation requires local access.
🏢 Internal Only: MEDIUM - Internal attackers with local access could potentially exploit this, but requires specific conditions (ARM64, seccomp with cBPF).

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires local access, ability to load BPF programs via seccomp, and understanding of speculative execution attacks. No public exploits known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 0dfefc2ea2f29ced2416017d7e5b1253a54c2735, 38c345fd54afd9d6ed8d3fcddf3f6ea23887bf78, 42a20cf51011788f04cf2adbcd7681f02bdb6c27, 852b8ae934b5cbdc62496fa56ce9969aa2edda7f, 8fe5c37b0e08a97cf0210bb75970e945aaaeebab

Vendor Advisory: https://git.kernel.org/stable/c/0dfefc2ea2f29ced2416017d7e5b1253a54c2735

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Reboot system.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable seccomp BPF filtering

linux

Prevent loading of cBPF programs via seccomp to mitigate the vulnerability.

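# Caveat: actions_logged takes a list of seccomp action names and only controls which actions are logged.
echo 0 > /proc/sys/kernel/seccomp/actions_logged
# Caveat: actions_avail is a read-only list of the actions the kernel supports.
# Neither write stops a process from installing a seccomp filter.
echo 0 > /proc/sys/kernel/seccomp/actions_avail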

Use eBPF instead of cBPF

linux

Migrate from classic BPF to extended BPF (eBPF) which is not affected by this vulnerability.

🧯 If You Can't Patch

  • Restrict seccomp usage to trusted applications only
  • Implement strict access controls to prevent unauthorized users from loading BPF programs
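
An added example (not part of the original advisory) for the "restrict seccomp usage" step: seccomp filters are cBPF programs, so this script inventories processes running in seccomp filter mode by reading the Seccomp and Seccomp_filters fields of /proc/<pid>/status. The PROC_ROOT argument and the sample tree built in demo() are constructed for illustration.

```sh
#!/bin/sh
# Added example: inventory processes that have a seccomp (cBPF) filter attached.
# Reads "Seccomp:" from /proc/<pid>/status (0 = off, 1 = strict, 2 = filter)
# and "Seccomp_filters:" where the running kernel provides it.

# list_filtered [PROC_ROOT] -> "pid<TAB>filters<TAB>name" per process in filter mode.
# PROC_ROOT is a hypothetical parameter so the function can be pointed at a test tree.
list_filtered() {
    root=${1:-/proc}
    for st in "$root"/[0-9]*/status; do
        [ -r "$st" ] || continue            # glob did not match or process exited
        awk '
            $1 == "Name:"            { sub(/^Name:[ \t]*/, ""); name = $0; next }
            $1 == "Pid:"             { pid = $2 }
            $1 == "Seccomp:"         { mode = $2 }
            $1 == "Seccomp_filters:" { n = $2 }
            END { if (mode == 2) printf "%s\t%s\t%s\n", pid, (n == "" ? "?" : n), name }
        ' "$st" 2>/dev/null || continue     # process vanished while being read
    done
}

# exposure MACHINE [PROC_ROOT] -> one-line summary; MACHINE is the output of `uname -m`.
exposure() {
    case "$1" in
        aarch64|arm64) ;;                   # the advisory scopes the issue to ARM64
        *) echo "not-arm64"; return 0 ;;
    esac
    count=$(list_filtered "${2:-/proc}" | wc -l | tr -d ' ')
    echo "arm64 filtered-processes=$count"
}

# Demo on a constructed /proc tree (sample data, not real processes).
demo() {
    d=$(mktemp -d)
    mkdir "$d/101" "$d/202"
    printf 'Name:\tsshd\nPid:\t101\nSeccomp:\t2\nSeccomp_filters:\t1\n' > "$d/101/status"
    printf 'Name:\tbash\nPid:\t202\nSeccomp:\t0\nSeccomp_filters:\t0\n' > "$d/202/status"
    exposure aarch64 "$d"
    list_filtered "$d"
    rm -rf "$d"
}
demo
```

On a live host, call exposure "$(uname -m)"; where /proc is mounted with hidepid, run it as root to see every process.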

🔍 How to Verify

Check if Vulnerable:

Check if running on ARM64 architecture and if kernel version predates the fix commits: uname -m && uname -r

Check Version:

uname -r

Verify Fix Applied:

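Verify kernel version includes the fix commits:

# /proc/version reports the release string, compiler and build date, not upstream commit hashes,
# so no match here does not by itself mean the fix is missing.
grep -q '0dfefc2ea2f29ced2416017d7e5b1253a54c2735\|38c345fd54afd9d6ed8d3fcddf3f6ea23887bf78\|42a20cf51011788f04cf2adbcd7681f02bdb6c27\|852b8ae934b5cbdc62496fa56ce9969aa2edda7f\|8fe5c37b0e08a97cf0210bb75970e945aaaeebab' /proc/version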

📡 Detection & Monitoring

Log Indicators:

  • Failed attempts to load BPF programs via seccomp
  • Unusual seccomp filter activity

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("seccomp" OR "BPF") AND ("load" OR "filter")
