-

CVE-2025-40078

EPSS 0.06%
Veröffentlicht 28.10.2025 11:48:43
Zuletzt bearbeitet 30.10.2025 15:05:32
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

bpf: Explicitly check accesses to bpf_sock_addr

Syzkaller found a kernel warning on the following sock_addr program:

    0: r0 = 0
    1: r2 = *(u32 *)(r1 +60)
    2: exit

which triggers:

    verifier bug: error during ctx access conversion (0)

This is happening because offset 60 in bpf_sock_addr corresponds to an
implicit padding of 4 bytes, right after msg_src_ip4. Access to this
padding isn't rejected in sock_addr_is_valid_access and it thus later
fails to convert the access.

This patch fixes it by explicitly checking the various fields of
bpf_sock_addr in sock_addr_is_valid_access.

I checked the other ctx structures and is_valid_access functions and
didn't find any other similar cases. Other cases of (properly handled)
padding are covered in new tests in a subsequent patch.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < de44cdc50d2dce8718cb57deddf9cf1be9a7759f

Version 1cedee13d25ab118d325f95588c1a084e9317229

Status affected

Version < 76e04bbb4296fb6eac084dbfc27e02ccc744db3e

Version 1cedee13d25ab118d325f95588c1a084e9317229

Status affected

Version < 6d8b1a21fd5c34622b0c3893c61e4a38d8ba53ec

Version 1cedee13d25ab118d325f95588c1a084e9317229

Status affected

Version < 4f00858cd9bbbdf67159e28b85a8ca9e77c83622

Version 1cedee13d25ab118d325f95588c1a084e9317229

Status affected

Version < cdeafacb4f9ff261a96baef519e29480fd7b1019

Version 1cedee13d25ab118d325f95588c1a084e9317229

Status affected

Version < fe9d33f0470350558cb08cecb54cf2267b3a45d2

Version 1cedee13d25ab118d325f95588c1a084e9317229

Status affected

Version < ad8b4fe5617e3c85fc23267f02500c4f3bf0ff69

Version 1cedee13d25ab118d325f95588c1a084e9317229

Status affected

Version < 6fabca2fc94d33cdf7ec102058983b086293395f

Version 1cedee13d25ab118d325f95588c1a084e9317229

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.18

Status affected

Version < 4.18

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.301

Status unaffected

Version <= 5.10.*

Version 5.10.246

Status unaffected

Version <= 5.15.*

Version 5.15.195

Status unaffected

Version <= 6.1.*

Version 6.1.156

Status unaffected

Version <= 6.6.*

Version 6.6.112

Status unaffected

Version <= 6.12.*

Version 6.12.53

Status unaffected

Version <= 6.17.*

Version 6.17.3

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.193

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/6d8b1a21fd5c34622b0c3893c61e4a38d8ba53ec

https://git.kernel.org/stable/c/4f00858cd9bbbdf67159e28b85a8ca9e77c83622

https://git.kernel.org/stable/c/cdeafacb4f9ff261a96baef519e29480fd7b1019

https://git.kernel.org/stable/c/fe9d33f0470350558cb08cecb54cf2267b3a45d2

https://git.kernel.org/stable/c/ad8b4fe5617e3c85fc23267f02500c4f3bf0ff69

https://git.kernel.org/stable/c/6fabca2fc94d33cdf7ec102058983b086293395f

https://git.kernel.org/stable/c/76e04bbb4296fb6eac084dbfc27e02ccc744db3e

https://git.kernel.org/stable/c/de44cdc50d2dce8718cb57deddf9cf1be9a7759f

https://nvd.nist.gov/vuln/detail/CVE-2025-40078

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40078

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40078

EUVD