CVE-2025-38285: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability (CVE-2025-38285) was discovered related to the BPF subsystem. The issue was identified on July 10, 2025, affecting the getbpfrawtpregs function in the kernel/trace/bpf_trace.c file. The vulnerability specifically impacts Linux kernel versions from 6.15.0-rc5 and earlier versions that have the BPF tracing functionality enabled (NVD, Debian Tracker).

The vulnerability occurs in the getbpfrawtpregs function where a WARNONONCE condition is triggered due to nested calls in tracepoint handling. Specifically, the tracemmaplockacquirereturned tracepoint may cause nested calls as a corner case, which triggers the WARNONONCE warning. This issue was discovered using the syzkaller kernel fuzzing tool and manifests in kernel version 6.15.0-rc5-syzkaller-00038-g707df3375124 (NVD).

The vulnerability results in a warning condition in the kernel that could potentially affect system stability when using BPF tracing functionality. While the immediate impact appears to be limited to triggering a kernel warning, it indicates an unexpected state in the BPF tracing subsystem (NVD).

The vulnerability has been resolved by removing the WARNONONCE check as suggested by Alexei. A more general method for handling nested tracepoint calls is planned for future implementation. Fixed versions are available in Linux kernel 6.12.35-1 and later releases (Debian Tracker).