
CVE-2025-68742

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix invalid prog->stats access when update_effective_progs fails

Syzkaller triggers an invalid memory access issue following fault
injection in update_effective_progs. The issue can be described as
follows:

__cgroup_bpf_detach
  update_effective_progs
    compute_effective_progs
      bpf_prog_array_alloc <-- fault inject
  purge_effective_progs
    /* change to dummy_bpf_prog */
    array->items[index] = &dummy_bpf_prog.prog

---softirq start---
__do_softirq
  ...
    __cgroup_bpf_run_filter_skb
      __bpf_prog_run_save_cb
        bpf_prog_run
          stats = this_cpu_ptr(prog->stats)
          /* invalid memory access */
          flags = u64_stats_update_begin_irqsave(&stats->syncp)
---softirq end---

  static_branch_dec(&cgroup_bpf_enabled_key[atype])

The reason is that fault injection caused update_effective_progs to fail
and then changed the original prog into dummy_bpf_prog.prog in
purge_effective_progs. Then a softirq came, and accessing the members of
dummy_bpf_prog.prog in the softirq triggers invalid mem access.

To fix it, skip updating stats when stats is NULL.

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected

| Version | Version < | Status |
| --- | --- | --- |
| 492ecee892c2a4ba6a14903d5d586ff750b7e805 | 93d1964773ff513c9bd530f7686d3e48b786fa6b | affected |
| 492ecee892c2a4ba6a14903d5d586ff750b7e805 | bf2c990b012100610c0f1ec5c4ea434da2d080c2 | affected |
| 492ecee892c2a4ba6a14903d5d586ff750b7e805 | 539137e3038ce6f953efd72110110f03c14c7d97 | affected |
| 492ecee892c2a4ba6a14903d5d586ff750b7e805 | 56905bb70c8b88421709bb4e32fcba617aa37d41 | affected |
| 492ecee892c2a4ba6a14903d5d586ff750b7e805 | 2579c356ccd35d06238b176e4b460978186d804b | affected |
| 492ecee892c2a4ba6a14903d5d586ff750b7e805 | 7dc211c1159d991db609bdf4b0fb9033c04adcbc | affected |

Vendor: Linux
Product: Linux
Default status: affected

| Version | Range bound | Status |
| --- | --- | --- |
| 5.1 | | affected |
| 0 | < 5.1 | unaffected |
| 6.1.160 | <= 6.1.* | unaffected |
| 6.6.120 | <= 6.6.* | unaffected |
| 6.12.63 | <= 6.12.* | unaffected |
| 6.17.13 | <= 6.17.* | unaffected |
| 6.18.2 | <= 6.18.* | unaffected |
| 6.19-rc1 | <= * | unaffected |
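
A way to triage hosts against the version data on this page, as an added example that is not part of the CVE record or the kernel project's code. It assumes upstream mainline/stable version numbering; distribution kernels that backport the fix keep their own numbering and need the vendor's advisory instead. The function and constant names are hypothetical.

```python
import platform
import re

# Version data copied from this page.
INTRODUCED = (5, 1)        # first release listed as affected
FIXED_MAINLINE = (6, 19)   # 6.19-rc1 and later are listed as unaffected
FIXED_IN_BRANCH = {        # stable branch -> first unaffected patch level
    (6, 1): 160, (6, 6): 120, (6, 12): 63, (6, 17): 13, (6, 18): 2,
}

def parse_release(release):
    """Return (major, minor, patch) from a string such as '6.6.119-generic'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)

def cve_2025_68742_status(release):
    """Classify an upstream kernel release as 'affected' or 'unaffected'."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < INTRODUCED or branch >= FIXED_MAINLINE:
        return "unaffected"
    fixed_patch = FIXED_IN_BRANCH.get(branch)
    # Branches between 5.1 and 6.19 with no listed fix fall under the
    # record's default status, which is "affected".
    if fixed_patch is not None and patch >= fixed_patch:
        return "unaffected"
    return "affected"

if __name__ == "__main__":
    # Constructed sample release strings, plus the running kernel.
    samples = ["5.0.21", "5.15.0-91-generic", "6.1.159", "6.1.160",
               "6.6.120-1-lts", "6.18.1", "6.19.0-rc1"]
    for rel in samples + [platform.release()]:
        try:
            print(f"{rel}: {cve_2025_68742_status(rel)}")
        except ValueError as exc:
            print(f"{rel}: {exc}")
```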

No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS Metrics

| Type | Source | Score | Percentile |
| --- | --- | --- | --- |
| EPSS | FIRST.org | 0.04% | 0.1 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
| --- | --- | --- | --- | --- |

No CWE information has been published yet.