CVE-2025-68744
Use-After-Free in Linux Kernel BPF percpu_hash Maps
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves the handling of special fields in [lru_,]percpu_hash maps used by BPF (Berkeley Packet Filter). Specifically, missing calls to the function 'bpf_obj_free_fields()' in the 'pcpu_copy_value()' function could cause memory referenced by BPF_KPTR_{REF,PERCPU} fields to remain allocated until the entire map is freed. The issue was fixed by ensuring 'bpf_obj_free_fields()' is called after copying map values, preventing memory from being held unnecessarily.
How can this vulnerability impact me? :
This vulnerability can lead to memory being held longer than necessary in the kernel due to missing deallocation calls. This could cause increased memory usage and potential memory leaks in systems using these BPF maps, potentially degrading system performance or stability over time.