{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-68742","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-24T10:30:51.030Z","datePublished":"2025-12-24T12:09:39.341Z","dateUpdated":"2026-05-11T21:52:28.112Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:52:28.112Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix invalid prog->stats access when update_effective_progs fails\n\nSyzkaller triggers an invalid memory access issue following fault\ninjection in update_effective_progs. The issue can be described as\nfollows:\n\n__cgroup_bpf_detach\n  update_effective_progs\n    compute_effective_progs\n      bpf_prog_array_alloc <-- fault inject\n  purge_effective_progs\n    /* change to dummy_bpf_prog */\n    array->items[index] = &dummy_bpf_prog.prog\n\n---softirq start---\n__do_softirq\n  ...\n    __cgroup_bpf_run_filter_skb\n      __bpf_prog_run_save_cb\n        bpf_prog_run\n          stats = this_cpu_ptr(prog->stats)\n          /* invalid memory access */\n          flags = u64_stats_update_begin_irqsave(&stats->syncp)\n---softirq end---\n\n  static_branch_dec(&cgroup_bpf_enabled_key[atype])\n\nThe reason is that fault injection caused update_effective_progs to fail\nand then changed the original prog into dummy_bpf_prog.prog in\npurge_effective_progs. Then a softirq came, and accessing the members of\ndummy_bpf_prog.prog in the softirq triggers invalid mem access.\n\nTo fix it, skip updating stats when stats is NULL."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["include/linux/filter.h","kernel/bpf/syscall.c"],"versions":[{"version":"492ecee892c2a4ba6a14903d5d586ff750b7e805","lessThan":"93d1964773ff513c9bd530f7686d3e48b786fa6b","status":"affected","versionType":"git"},{"version":"492ecee892c2a4ba6a14903d5d586ff750b7e805","lessThan":"bf2c990b012100610c0f1ec5c4ea434da2d080c2","status":"affected","versionType":"git"},{"version":"492ecee892c2a4ba6a14903d5d586ff750b7e805","lessThan":"539137e3038ce6f953efd72110110f03c14c7d97","status":"affected","versionType":"git"},{"version":"492ecee892c2a4ba6a14903d5d586ff750b7e805","lessThan":"56905bb70c8b88421709bb4e32fcba617aa37d41","status":"affected","versionType":"git"},{"version":"492ecee892c2a4ba6a14903d5d586ff750b7e805","lessThan":"2579c356ccd35d06238b176e4b460978186d804b","status":"affected","versionType":"git"},{"version":"492ecee892c2a4ba6a14903d5d586ff750b7e805","lessThan":"7dc211c1159d991db609bdf4b0fb9033c04adcbc","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["include/linux/filter.h","kernel/bpf/syscall.c"],"versions":[{"version":"5.1","status":"affected"},{"version":"0","lessThan":"5.1","status":"unaffected","versionType":"semver"},{"version":"6.1.160","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.120","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.63","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.13","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18.2","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"6.1.160"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"6.6.120"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"6.12.63"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"6.17.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"6.18.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"6.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/93d1964773ff513c9bd530f7686d3e48b786fa6b"},{"url":"https://git.kernel.org/stable/c/bf2c990b012100610c0f1ec5c4ea434da2d080c2"},{"url":"https://git.kernel.org/stable/c/539137e3038ce6f953efd72110110f03c14c7d97"},{"url":"https://git.kernel.org/stable/c/56905bb70c8b88421709bb4e32fcba617aa37d41"},{"url":"https://git.kernel.org/stable/c/2579c356ccd35d06238b176e4b460978186d804b"},{"url":"https://git.kernel.org/stable/c/7dc211c1159d991db609bdf4b0fb9033c04adcbc"}],"title":"bpf: Fix invalid prog->stats access when update_effective_progs fails","x_generator":{"engine":"bippy-1.2.0"}}}}