CVE-2025-40078
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-40078, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-28

Last updated on: 2025-10-30

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Explicitly check accesses to bpf_sock_addr Syzkaller found a kernel warning on the following sock_addr program: 0: r0 = 0 1: r2 = *(u32 *)(r1 +60) 2: exit which triggers: verifier bug: error during ctx access conversion (0) This is happening because offset 60 in bpf_sock_addr corresponds to an implicit padding of 4 bytes, right after msg_src_ip4. Access to this padding isn't rejected in sock_addr_is_valid_access and it thus later fails to convert the access. This patch fixes it by explicitly checking the various fields of bpf_sock_addr in sock_addr_is_valid_access. I checked the other ctx structures and is_valid_access functions and didn't find any other similar cases. Other cases of (properly handled) padding are covered in new tests in a subsequent patch.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-28
Last Modified
2025-10-30
Generated
2026-07-06
AI Q&A
2025-10-28
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's BPF (Berkeley Packet Filter) subsystem, specifically related to the bpf_sock_addr structure. The issue arises because an implicit 4-byte padding after the msg_src_ip4 field was not properly checked for access validity. This caused a kernel warning and verifier bug when a program tried to access this padding area, which was not rejected as an invalid access. The vulnerability was fixed by explicitly checking all fields of bpf_sock_addr to prevent invalid accesses.

Impact Analysis

This vulnerability can cause kernel warnings and verifier bugs, potentially leading to instability or crashes in the Linux kernel when BPF programs access invalid memory areas. It may affect the reliability and security of systems using BPF programs that interact with bpf_sock_addr, possibly allowing malformed BPF programs to trigger unexpected behavior.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40078. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart