CVE-2025-68742 is a Linux kernel vulnerability in the eBPF runtime that can lead to a null-pointer dereference during softirq processing. The issue arises when update_effective_progs fails and a program slot is replaced with a dummy program, allowing a concurrent softirq path to access an invalid stats pointer. A fix has been upstreamed that skips stats updates when the per-program stats pointer is NULL, resolving a Syzkaller-triggered fault scenario. This tag covers discussion of the vulnerability, its root cause, and the kernel patch addressing it.
-
A subtle but important kernel correctness fix landed this week to close a race and null-pointer access in the eBPF runtime: an invalid access of prog->stats can occur when update_effective_progs fails and the program slot is replaced with a dummy program, allowing a concurrent softirq path to...