CVE-2025-37893
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Apr 18, 2025
Updated: Apr 29, 2025
CWE ID 193
Summary
CVE-2025-37893 is a vulnerability affecting the Linux kernel on LoongArch processors. The issue stems from a mismatch between the number of instructions set in the first pass and the number generated in the second pass during JIT compilation of BPF programs. This discrepancy causes the epilogue offset to be off by one, so the processor jumps to an unexpected instruction and the kernel hard-locks. The vulnerability has been resolved by inserting a NOP instruction to align the instructions and correct the off-by-one error in build_prologue().
Affected Products
- Linux Kernel
Affected Vendors
- LINUX