Vulnerability Lookup

🛡️ CVE-2025-68742

⚪ Unknown ✅ No Known Exploit NVD

N/A

CVSS Score

0 Low4 Medium7 High9 Critical10

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix invalid prog->stats access when update_effective_progs fails Syzkaller triggers an invalid memory access issue following fault injection in update_effective_progs. The issue can be described as follows: __cgroup_bpf_detach update_effective_progs compute_effective_progs bpf_prog_array_alloc items[index] = &dummy_bpf_prog.prog ---softirq start--- __do_softirq ... __cgroup_bpf_run_filter_skb __bpf_prog_run_save_cb bpf_prog_run stats = this_cpu_ptr(prog->stats) /* invalid memory access */ flags = u64_stats_update_begin_irqsave(&stats->syncp) ---softirq end--- static_branch_dec(&cgroup_bpf_enabled_key[atype]) The reason is that fault injection caused update_effective_progs to fail and then changed the original prog into dummy_bpf_prog.prog in purge_effective_progs. Then a softirq came, and accessing the members of dummy_bpf_prog.prog in the softirq triggers invalid mem access. To fix it, skip updating stats when stats is NULL.

Details

Severity Unknown

CVSS Score N/A

CVSS Vector N/A

CWE N/A

Public Exploit ✅ No

Source NVD

Published 2025-12-24

Updated 2026-06-02

Modified 2026-04-02

Fix URL N/A

Affected Packages

Software	From version	Fixed in
kernel	6.18.0	6.18.2
unknown	—	—

References

WEB https://git.kernel.org/stable/c/2579c356ccd35d06238b176e4b460978186d804b

WEB https://git.kernel.org/stable/c/539137e3038ce6f953efd72110110f03c14c7d97

WEB https://git.kernel.org/stable/c/56905bb70c8b88421709bb4e32fcba617aa37d41

WEB https://git.kernel.org/stable/c/7dc211c1159d991db609bdf4b0fb9033c04adcbc

WEB https://git.kernel.org/stable/c/93d1964773ff513c9bd530f7686d3e48b786fa6b

WEB https://git.kernel.org/stable/c/bf2c990b012100610c0f1ec5c4ea434da2d080c2

ADVISORY https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68742.json

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-68742

PACKAGE https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

🔗 NVD 🔗 Mitre

Similar Threats

Unknown ALSA-2023:2458
Unknown ALSA-2023:1703
Unknown ALSA-2023:1566
Unknown ALSA-2023:1470
Unknown ALSA-2023:0951

Vulnerability Monitoring

Stay informed about vulnerabilities in your stack

BotEraser monitors your WordPress installation and notifies you when software you use appears in our vulnerability database.

Set Up Free Alerts →

No credit card required · Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.

Stay informed about vulnerabilities in your stack

Company

Resources

Services

Trusted

Subscribe