
CVE-2025-37893: Vulnerability in Linux (Linux kernel)

Severity: Medium
Published: Fri Apr 18 2025 (04/18/2025, 07:01:28 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: BPF: Fix off-by-one error in build_prologue()

Vincent reported that running BPF progs with tailcalls on LoongArch causes kernel hard lockup. Debugging the issues shows that the JITed image missing a jirl instruction at the end of the epilogue. There are two passes in JIT compiling, the first pass set the flags and the second pass generates JIT code based on those flags. With BPF progs mixing bpf2bpf and tailcalls, build_prologue() generates N insns in the first pass and then generates N+1 insns in the second pass. This makes epilogue_offset off by one and we will jump to some unexpected insn and cause lockup. Fix this by inserting a nop insn.

AI-Powered Analysis

Last updated: 07/04/2025, 01:12:13 UTC

Technical Analysis

CVE-2025-37893 is a vulnerability in the Linux kernel's Berkeley Packet Filter (BPF) subsystem, specific to the LoongArch architecture's JIT compiler. The issue is an off-by-one error in build_prologue(), the function that emits the function prologue during Just-In-Time (JIT) compilation of BPF programs, and it is triggered by programs that use tail calls. BPF programs are used extensively for network packet filtering and performance monitoring within the kernel. The JIT compiles in two passes: the first pass records flags describing the program (for example whether it uses bpf2bpf calls and tail calls) and measures the code, and the second pass generates the actual instructions based on those flags. When a program mixes bpf2bpf calls and tail calls, build_prologue() emits N instructions in the first pass but N+1 in the second, because the extra instruction depends on flags that are only set during the first pass. The epilogue_offset computed in the first pass is therefore off by one in the final image, so the tail-call exit path jumps to an unintended instruction, and the generated image ends up missing the jirl instruction at the end of the epilogue (the symptom found during debugging). The consequence is a kernel hard lockup, effectively a denial of service (DoS). The patch keeps both passes the same length by inserting a nop instruction, so that epilogue_offset is correct. This vulnerability is specific to the LoongArch CPU architecture and affects the Linux kernel versions identified by the commit hash 5dc615520c4dfb358245680f1904bad61116648e. There are no known exploits in the wild at the time of publication, and no CVSS score has been assigned yet. The vulnerability was publicly disclosed on April 18, 2025.
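To make the two-pass mechanism concrete, the following toy model is added here as an illustration; it is hypothetical code written for this page, not the kernel's LoongArch JIT. It assumes, as the model's own simplification, that the output buffer is sized from the first pass's instruction count and that a write past its end is silently dropped, which reproduces the "missing jirl" symptom from the description. The prologue's extra instruction depends on flags that only become known during pass 1, so the unfixed prologue is N instructions in pass 1 and N+1 in pass 2; the fixed variant emits a nop in the other branch so both passes agree.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Toy model of a two-pass BPF JIT (hypothetical, not kernel code). */

#define SEEN_CALL      0x1u   /* program contains a bpf2bpf call */
#define SEEN_TAIL_CALL 0x2u   /* program contains a tail call */
#define MAX_IMAGE      64

enum insn { I_EMPTY = 0, I_SAVE_REGS, I_MOVE_TCC, I_NOP, I_BODY, I_RESTORE_REGS, I_JIRL };

struct jit_ctx {
    int idx;               /* number of insns emitted so far in this pass */
    int epilogue_offset;   /* index the tail-call exit path jumps to */
    unsigned int flags;    /* SEEN_* bits, learned during pass 1 */
    enum insn *image;      /* NULL in pass 1, real buffer in pass 2 */
    int image_size;        /* buffer length, taken from pass 1's final idx */
};

static void emit_insn(struct jit_ctx *ctx, enum insn i)
{
    /* Only pass 2 has a buffer; a write past its end is dropped (model assumption). */
    if (ctx->image && ctx->idx < ctx->image_size)
        ctx->image[ctx->idx] = i;
    ctx->idx++;
}

/*
 * Shape of the bug: the TCC save depends on flags that pass 1 has not yet
 * collected, so without the fix the prologue is N insns in pass 1 and N+1
 * in pass 2. The fix emits a nop in the other branch to keep both equal.
 */
static void build_prologue(struct jit_ctx *ctx, bool fixed)
{
    emit_insn(ctx, I_SAVE_REGS);
    if ((ctx->flags & SEEN_TAIL_CALL) && (ctx->flags & SEEN_CALL))
        emit_insn(ctx, I_MOVE_TCC);
    else if (fixed)
        emit_insn(ctx, I_NOP);
}

static void build_body(struct jit_ctx *ctx)
{
    /* A body mixing bpf2bpf and tail calls; pass 1 discovers that here. */
    ctx->flags |= SEEN_CALL | SEEN_TAIL_CALL;
    emit_insn(ctx, I_BODY);
}

static void build_epilogue(struct jit_ctx *ctx)
{
    emit_insn(ctx, I_RESTORE_REGS);
    emit_insn(ctx, I_JIRL);   /* return to caller; must be the last insn */
}

struct jit_result {
    int pass1_len, pass2_len, epilogue_offset;
    enum insn at_epilogue_offset;   /* what the tail-call exit actually lands on */
    enum insn last_insn;            /* what sits in the final slot of the image */
};

/* Runs both passes and reports where the tail-call exit lands. */
static struct jit_result jit_compile(bool fixed)
{
    enum insn image[MAX_IMAGE];
    struct jit_ctx ctx;
    struct jit_result r;

    memset(image, 0, sizeof(image));
    memset(&ctx, 0, sizeof(ctx));

    /* Pass 1: measure and collect flags; epilogue_offset is fixed here. */
    build_prologue(&ctx, fixed);
    build_body(&ctx);
    ctx.epilogue_offset = ctx.idx;
    build_epilogue(&ctx);
    r.pass1_len = ctx.idx;

    /* Pass 2: emit for real into a buffer sized from pass 1. */
    ctx.idx = 0;
    ctx.image = image;
    ctx.image_size = r.pass1_len;
    build_prologue(&ctx, fixed);
    build_body(&ctx);
    build_epilogue(&ctx);
    r.pass2_len = ctx.idx;

    r.epilogue_offset = ctx.epilogue_offset;
    r.at_epilogue_offset = image[ctx.epilogue_offset];
    r.last_insn = image[r.pass1_len - 1];
    return r;
}

int main(void)
{
    struct jit_result bug = jit_compile(false), ok = jit_compile(true);
    printf("unfixed: pass1=%d pass2=%d epilogue_offset=%d lands on insn %d, last insn %d\n",
           bug.pass1_len, bug.pass2_len, bug.epilogue_offset,
           (int)bug.at_epilogue_offset, (int)bug.last_insn);
    printf("fixed:   pass1=%d pass2=%d epilogue_offset=%d lands on insn %d, last insn %d\n",
           ok.pass1_len, ok.pass2_len, ok.epilogue_offset,
           (int)ok.at_epilogue_offset, (int)ok.last_insn);
    return 0;
}
```

In the unfixed run the epilogue_offset measured in pass 1 points at the body instruction rather than the start of the epilogue, and the final jirl no longer fits in the image; in the fixed run both passes are the same length and the offset lands on the epilogue. The same check (pass lengths equal, and every offset recorded in pass 1 still pointing at the intended instruction in pass 2) is the invariant a reviewer would want any two-pass JIT to assert.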

Potential Impact

For European organizations, the primary impact of CVE-2025-37893 is the potential for kernel hard lockups leading to denial of service on systems running vulnerable Linux kernels on the LoongArch architecture. LoongArch is a relatively new architecture developed primarily in China; its adoption in Europe is currently limited but could grow in specialized environments or through imported hardware. Organizations using Linux servers or embedded systems with LoongArch CPUs could experience system instability, service interruptions, and operational downtime. This could affect critical infrastructure, cloud services, or network monitoring tools that rely on BPF programs. Since the vulnerability causes a kernel lockup rather than remote code execution or privilege escalation, the confidentiality and integrity impacts are limited; availability, however, is significantly affected because the system crashes. The lack of known exploits reduces the immediate risk, but the lockup could be triggered deliberately or surface as an accidental failure in legitimate workloads that use BPF tail calls. European organizations with supply chains or partnerships involving hardware from regions where LoongArch is more prevalent should be particularly vigilant. Sectors with high availability requirements, such as telecommunications, finance, and manufacturing, could face operational disruptions if vulnerable systems are deployed.

Mitigation Recommendations

To mitigate CVE-2025-37893, European organizations should:

1) Identify and inventory all Linux systems running on the LoongArch architecture, focusing on kernel versions matching the affected commit hash.
2) Apply the official Linux kernel patch that inserts the missing nop instruction in build_prologue() as soon as it becomes available from trusted sources or Linux distributions.
3) If immediate patching is not feasible, consider disabling or restricting the use of BPF programs with tail calls on affected systems to prevent triggering the vulnerability.
4) Monitor system logs and kernel messages for signs of kernel lockups or crashes related to BPF execution.
5) Engage with hardware vendors and Linux distribution maintainers to ensure timely updates and support for LoongArch-based systems.
6) Implement robust system monitoring and automated recovery mechanisms to minimize downtime in case of kernel lockups.
7) Educate system administrators about the specific nature of this vulnerability to avoid misdiagnosis of system crashes.

These steps go beyond generic advice by focusing on architecture-specific identification, patch management, and operational controls tailored to the LoongArch environment.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-04-16T04:51:23.964Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9832c4522896dcbe84ab

Added to database: 5/21/2025, 9:09:06 AM

Last enriched: 7/4/2025, 1:12:13 AM

Last updated: 7/31/2025, 6:00:53 PM
