{"id":"CVE-2025-38528","summary":"bpf: Reject %p% format string in bprintf-like helpers","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Reject %p% format string in bprintf-like helpers\n\nstatic const char fmt[] = \"%p%\";\n    bpf_trace_printk(fmt, sizeof(fmt));\n\nThe above BPF program isn't rejected and causes a kernel warning at\nruntime:\n\n    Please remove unsupported %\\x00 in format string\n    WARNING: CPU: 1 PID: 7244 at lib/vsprintf.c:2680 format_decode+0x49c/0x5d0\n\nThis happens because bpf_bprintf_prepare skips over the second %,\ndetected as punctuation, while processing %p. This patch fixes it by\nnot skipping over punctuation. %\\x00 is then processed in the next\niteration and rejected.","modified":"2026-03-20T12:42:54.023606Z","published":"2025-08-16T11:12:21.667Z","related":["SUSE-SU-2025:03272-1","SUSE-SU-2025:03290-1","SUSE-SU-2025:03301-1","SUSE-SU-2025:03382-1","SUSE-SU-2025:03602-1","SUSE-SU-2025:03633-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20653-1","SUSE-SU-2025:20669-1","SUSE-SU-2025:20739-1","SUSE-SU-2025:20756-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","openSUSE-SU-2025:20081-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38528.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1c5f5fd47bbda17cb885fe6f03730702cd53d3f8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/61d5fa45ed13e42af14c7e959baba9908b8ee6d4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6952aeace93f8c9ea01849efecac24dd3152c9c9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/97303e541e12f1fea97834ec64b98991e8775f39"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e7be679124bae8cf4fa6e40d7e1661baddfb3289"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f8242745871f81a3ac37f9f51853d12854fd0b58"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38528.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38528"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"48cac3f4a96ddf08df8e53809ed066de0dc93915"},{"fixed":"97303e541e12f1fea97834ec64b98991e8775f39"},{"fixed":"61d5fa45ed13e42af14c7e959baba9908b8ee6d4"},{"fixed":"e7be679124bae8cf4fa6e40d7e1661baddfb3289"},{"fixed":"6952aeace93f8c9ea01849efecac24dd3152c9c9"},{"fixed":"1c5f5fd47bbda17cb885fe6f03730702cd53d3f8"},{"fixed":"f8242745871f81a3ac37f9f51853d12854fd0b58"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38528.json"}}],"schema_version":"1.7.5"}