CVE-2025-40050

Linux Kernel - Use-After-Free in BPF Verifier

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Skip scalar adjustment for BPF_NEG if dst is a pointer In check_alu_op(), the verifier currently calls check_reg_arg() and adjust_scalar_min_max_vals() unconditionally for BPF_NEG operations. However, if the destination register holds a pointer, these scalar adjustments are unnecessary and potentially incorrect. This patch adds a check to skip the adjustment logic when the destination register contains a pointer.

Scores

EPSS 0.0020
EPSS Percentile 10.3%

Details

Status published
Products (7)
linux/Kernel 6.17.0 - 6.17.3linux
Linux/Linux < 6.17
Linux/Linux 6.17
Linux/Linux 6.17.3 - 6.17.*
Linux/Linux 6.18
Linux/Linux aced132599b3c8884c050218d4c48eef203678f6 - 34904582b502a86fdb4d7984b12cacd2faabbe0d
Linux/Linux aced132599b3c8884c050218d4c48eef203678f6 - b9ef4963227246b9222e1559ddeec8e7af63e6c6
Published Oct 28, 2025
Tracked Since Feb 18, 2026