Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users is typically disabled. This means only cBPF programs need to be mitigated for BHB. In addition, only mitigate cBPF programs that were loaded by an unprivileged user. Privileged users can also load the same program via eBPF, making the mitigation pointless.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 5.10.239 |
| Debian | Debian Linux | 11.0 |
References
- https://git.kernel.org/stable/c/038866e01ea5e5a3d948898ac216e531e7848669Patch
- https://git.kernel.org/stable/c/477481c4348268136227348984b6699d6370b685Patch
- https://git.kernel.org/stable/c/6e52d043f7dbf1839a24a3fab2b12b0d3839de7aPatch
- https://git.kernel.org/stable/c/80251f62028f1ab2e09be5ca3123f84e8b00389aPatch
- https://git.kernel.org/stable/c/df53d418709205450a02bb4d71cbfb4ff86f2c1ePatch
- https://git.kernel.org/stable/c/e5f5100f1c64ac6c72671b2cf6b46542fce93706Patch
- https://git.kernel.org/stable/c/f300769ead032513a68e4a02e806393402e626f8Patch
- https://lists.debian.org/debian-lts-announce/2025/08/msg00010.htmlThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.htmlThird Party Advisory
FAQ
What is CVE-2025-37963?
CVE-2025-37963 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users is typ...
How severe is CVE-2025-37963?
CVE-2025-37963 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-37963?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.