CVE-2025-40050
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-28

Last updated on: 2025-10-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: bpf: Skip scalar adjustment for BPF_NEG if dst is a pointer In check_alu_op(), the verifier currently calls check_reg_arg() and adjust_scalar_min_max_vals() unconditionally for BPF_NEG operations. However, if the destination register holds a pointer, these scalar adjustments are unnecessary and potentially incorrect. This patch adds a check to skip the adjustment logic when the destination register contains a pointer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-28
Last Modified
2025-10-30
Generated
2026-05-07
AI Q&A
2025-10-28
EPSS Evaluated
2026-05-05
NVD
CVE-2025-40050
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel involves the BPF (Berkeley Packet Filter) verifier incorrectly applying scalar adjustments during BPF_NEG operations when the destination register is a pointer. The verifier was calling functions to adjust scalar values even when the destination was a pointer, which is unnecessary and could lead to incorrect behavior. The fix involves adding a check to skip these scalar adjustments if the destination register holds a pointer.


How can this vulnerability impact me? :

The vulnerability could cause incorrect behavior in the BPF verifier when handling pointer registers during BPF_NEG operations. This might lead to unexpected or incorrect kernel behavior, potentially affecting system stability or security, depending on how BPF programs are used on the system.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart