CVE-2025-40050
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Skip scalar adjustment for BPF_NEG if dst is a pointer
In check_alu_op(), the verifier currently calls check_reg_arg() and adjust_scalar_min_max_vals() unconditionally for BPF_NEG operations. However, if the destination register holds a pointer, these scalar adjustments are unnecessary and potentially incorrect.
This patch adds a check to skip the adjustment logic when the destination register contains a pointer.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | aced132599b3c8884c050218d4c48eef203678f6 < b9ef4963227246b9222e1559ddeec8e7af63e6c6 | affected |
| Linux | Linux | aced132599b3c8884c050218d4c48eef203678f6 < 34904582b502a86fdb4d7984b12cacd2faabbe0d | affected |
| Linux | Linux | 6.17 | affected |
| Linux | Linux | 0 < 6.17 | unaffected |
| Linux | Linux | 6.17.3 <= 6.17.* | unaffected |
| Linux | Linux | 6.18 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/b9ef4963227246b9222e1559ddeec8e7af63e6c6
- https://git.kernel.org/stable/c/34904582b502a86fdb4d7984b12cacd2faabbe0d
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.