CVE-2025-68742
Invalid Memory Access in Linux Kernel BPF Program Stats Update

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix invalid prog->stats access when update_effective_progs fails

Syzkaller triggers an invalid memory access issue following fault injection in update_effective_progs. The issue can be described as follows:

    __cgroup_bpf_detach
      update_effective_progs
        compute_effective_progs
          bpf_prog_array_alloc <-- fault inject
      purge_effective_progs
        /* change to dummy_bpf_prog */
        array->items[index] = &dummy_bpf_prog.prog

    ---softirq start---
    __do_softirq
      ...
        __cgroup_bpf_run_filter_skb
          __bpf_prog_run_save_cb
            bpf_prog_run
              stats = this_cpu_ptr(prog->stats)
              /* invalid memory access */
              flags = u64_stats_update_begin_irqsave(&stats->syncp)
    ---softirq end---

      static_branch_dec(&cgroup_bpf_enabled_key[atype])

The reason is that fault injection caused update_effective_progs to fail and then changed the original prog into dummy_bpf_prog.prog in purge_effective_progs. Then a softirq came, and accessing the members of dummy_bpf_prog.prog in the softirq triggers invalid mem access.

To fix it, skip updating stats when stats is NULL.
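An added user-space model of the stats update in the trace above (not kernel code and not the upstream patch; `update_stats`, `this_cpu_addr`, the guard names and the two-CPU layout are hypothetical). It shows why the NULL test has to be made on `prog->stats` itself: once the per-CPU offset has been added, a NULL base is no longer NULL, so a check on the translated pointer does not help.

```c
#include <stdint.h>
#include <stdio.h>

#define NR_CPUS 2

struct prog_stats { uint64_t cnt, nsecs; };
struct prog { uintptr_t stats; };   /* per-CPU base address; 0 = never allocated */

enum guard { GUARD_NONE, GUARD_TRANSLATED_PTR, GUARD_PROG_STATS };
enum outcome { STATS_UPDATED, STATS_SKIPPED, INVALID_ACCESS };

static struct prog_stats base_area;          /* address a real prog's stats field holds */
static struct prog_stats cpu_area[NR_CPUS];  /* the per-CPU copies behind that address */

static struct prog real_prog(void)  { struct prog p = { (uintptr_t)&base_area }; return p; }
static struct prog dummy_prog(void) { struct prog p = { 0 }; return p; }  /* like dummy_bpf_prog.prog */

/* Model of this_cpu_ptr(): the base address plus the running CPU's offset. */
static uintptr_t this_cpu_addr(uintptr_t base, int cpu)
{
    return base + ((uintptr_t)&cpu_area[cpu] - (uintptr_t)&base_area);
}

/* Model of the stats update at the end of a program run on `cpu`. */
static enum outcome update_stats(const struct prog *p, int cpu, enum guard g)
{
    uintptr_t addr;

    if (g == GUARD_PROG_STATS && p->stats == 0)
        return STATS_SKIPPED;        /* tested before translation: effective */
    addr = this_cpu_addr(p->stats, cpu);
    if (g == GUARD_TRANSLATED_PTR && addr == 0)
        return STATS_SKIPPED;        /* never taken: addr is the CPU offset, not 0 */
    if (addr != (uintptr_t)&cpu_area[cpu])
        return INVALID_ACCESS;       /* the kernel would dereference this address */
    cpu_area[cpu].cnt++;
    return STATS_UPDATED;
}

int main(void)
{
    static const char *name[] = { "updated", "skipped", "INVALID ACCESS" };
    struct prog real = real_prog(), dummy = dummy_prog();

    printf("real prog,  no guard:          %s\n", name[update_stats(&real, 1, GUARD_NONE)]);
    printf("dummy prog, no guard:          %s\n", name[update_stats(&dummy, 1, GUARD_NONE)]);
    printf("dummy prog, check translated:  %s\n", name[update_stats(&dummy, 1, GUARD_TRANSLATED_PTR)]);
    printf("dummy prog, check prog->stats: %s\n", name[update_stats(&dummy, 1, GUARD_PROG_STATS)]);
    return 0;
}
```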

Meta Information

Published: 2025-12-24
Last Modified: 2025-12-24
Generated: 2026-05-07
AI Q&A: 2025-12-24
EPSS Evaluated: 2026-05-05

Affected Vendors & Products

Showing 1 associated CPE

Vendor: linux
Product: linux_kernel
Version / Range: *

CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's BPF (Berkeley Packet Filter) subsystem. When a fault is injected during the update_effective_progs function, it causes the function to fail and replace the original BPF program with a dummy program. Later, during a softirq (a type of interrupt), the kernel tries to access statistics of this dummy program, but since the stats pointer is invalid (NULL), it leads to an invalid memory access. The fix involves skipping the stats update when the stats pointer is NULL to prevent this invalid memory access.


How can this vulnerability impact me?

This vulnerability can cause invalid memory access in the Linux kernel, which may lead to kernel crashes or instability. Such crashes can result in denial of service or system downtime, impacting the reliability and availability of systems running vulnerable kernel versions.


What immediate steps should I take to mitigate this vulnerability?

Apply the patch that fixes the invalid memory access in the Linux kernel's BPF subsystem by skipping stats updates when stats is NULL. This involves updating the kernel to a version that includes the fix for the issue in update_effective_progs and purge_effective_progs functions to prevent invalid memory access during softirq processing.

