
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-38528 is a vulnerability discovered in the Linux kernel related to improper handling of format strings in BPF (Berkeley Packet Filter) helpers. The vulnerability was first published on August 16, 2025, and affects various Linux distributions including Ubuntu and Debian (NVD, Ubuntu Security).
The vulnerability exists in the BPF subsystem, where a format string containing '%p%' passed to bprintf-like helpers is not properly rejected. A BPF program using this format string causes a kernel warning at runtime with the message 'Please remove unsupported %\x00 in format string' at lib/vsprintf.c:2680. The issue occurs because bpf_bprintf_prepare incorrectly skips over the second % character, treating it as punctuation, while processing %p (NVD).
The vulnerability affects multiple Linux distributions and their derivatives, particularly impacting newer versions of Ubuntu (22.04 LTS, 24.04 LTS, and 25.04) and Debian testing releases. Various kernel packages including linux-azure, linux-gcp, and linux-aws are affected (Ubuntu Security, Debian Security).
A patch has been developed that fixes the issue by modifying the bpf_bprintf_prepare function to not skip over punctuation characters. This ensures that the %\x00 is properly processed and rejected in the next iteration. The fix has been incorporated into newer kernel versions (NVD).
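The skip-versus-no-skip difference described above can be reproduced in a small userspace model. This is an added example, not the kernel's code: check_fmt, its skip_after_p switch and the sample format strings are constructed for illustration, and the model only knows plain %p, %d, %u and %x.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a bprintf-style format validator (hypothetical name).
 * skip_after_p = 1 models the flawed scan, 0 models the patched scan.
 * Returns 0 when the format is accepted, -EINVAL when it is rejected. */
static int check_fmt(const char *fmt, int skip_after_p)
{
    size_t len = strlen(fmt);

    for (size_t i = 0; i < len; i++) {
        if (fmt[i] != '%')
            continue;
        if (fmt[i + 1] == '%') {          /* literal "%%" */
            i++;
            continue;
        }
        i++;                              /* now at the conversion character */
        if (fmt[i] == 'p') {
            unsigned char next = (unsigned char)fmt[i + 1];
            if (next == '\0' || isspace(next) || ispunct(next)) {
                if (skip_after_p)
                    i++;  /* flaw: a following '%' is consumed unchecked */
                continue; /* patched: the next iteration inspects it */
            }
            return -EINVAL;               /* %p modifiers are outside this model */
        }
        if (fmt[i] == '\0' || strchr("dux", fmt[i]) == NULL)
            return -EINVAL;               /* includes a bare trailing '%' */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "%p%", "ptr=%p, n=%d", "100%%", "%" };

    for (size_t k = 0; k < sizeof(samples) / sizeof(samples[0]); k++)
        printf("%-14s flawed=%d patched=%d\n", samples[k],
               check_fmt(samples[k], 1), check_fmt(samples[k], 0));
    return 0;
}
```

In the flawed mode the trailing '%' of "%p%" is never examined, so the string is accepted and the dangling "%\x00" would only be noticed later by the formatter; in the patched mode the validator rejects it up front.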
Source: This report was generated using AI