CVE-2025-37893: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-37893 is a vulnerability discovered in the Linux kernel affecting the LoongArch BPF (Berkeley Packet Filter) implementation. The vulnerability was disclosed on April 18, 2025, and involves an off-by-one error in the build_prologue() function (NVD, Red Hat).

The vulnerability stems from an off-by-one error in the buildprologue() function of the LoongArch BPF implementation. The issue occurs during JIT compilation, which involves two passes: the first pass sets flags, and the second pass generates JIT code. When BPF programs mix bpf2bpf and tailcalls, buildprologue() generates N instructions in the first pass but N+1 instructions in the second pass. This discrepancy causes the epilogue_offset to be off by one, resulting in jumps to unexpected instructions. The vulnerability has been assigned a CVSS v3.1 score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) and is categorized under CWE-193 (Red Hat).

When exploited, this vulnerability causes kernel hard lockups when running BPF programs with tailcalls on LoongArch systems. The JITed image lacks a jirl instruction at the end of the epilogue, leading to system instability (NVD).

The vulnerability has been fixed by inserting a nop instruction to correct the instruction count mismatch. Various Linux distributions have released patches, with Debian marking it as fixed in version 6.12.25-1 for sid and some earlier versions for other releases (Debian).