CVE-2025-40078
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-28

Last updated on: 2025-10-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: bpf: Explicitly check accesses to bpf_sock_addr Syzkaller found a kernel warning on the following sock_addr program: 0: r0 = 0 1: r2 = *(u32 *)(r1 +60) 2: exit which triggers: verifier bug: error during ctx access conversion (0) This is happening because offset 60 in bpf_sock_addr corresponds to an implicit padding of 4 bytes, right after msg_src_ip4. Access to this padding isn't rejected in sock_addr_is_valid_access and it thus later fails to convert the access. This patch fixes it by explicitly checking the various fields of bpf_sock_addr in sock_addr_is_valid_access. I checked the other ctx structures and is_valid_access functions and didn't find any other similar cases. Other cases of (properly handled) padding are covered in new tests in a subsequent patch.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-28
Last Modified
2025-10-30
Generated
2026-06-16
AI Q&A
2025-10-28
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40078
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's BPF (Berkeley Packet Filter) subsystem, specifically related to the bpf_sock_addr structure. The issue arises because an implicit 4-byte padding after the msg_src_ip4 field was not properly checked for access validity. This caused a kernel warning and verifier bug when a program tried to access this padding area, which was not rejected as an invalid access. The vulnerability was fixed by explicitly checking all fields of bpf_sock_addr to prevent invalid accesses.

Impact Analysis

This vulnerability can cause kernel warnings and verifier bugs, potentially leading to instability or crashes in the Linux kernel when BPF programs access invalid memory areas. It may affect the reliability and security of systems using BPF programs that interact with bpf_sock_addr, possibly allowing malformed BPF programs to trigger unexpected behavior.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40078. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart