cve 2025 68742

About this tag
CVE-2025-68742 is a Linux kernel vulnerability in the eBPF runtime that can lead to a null-pointer dereference during softirq processing. The issue arises when update_effective_progs fails and a program slot is replaced with a dummy program, allowing a concurrent softirq path to access an invalid stats pointer. A fix has been upstreamed that skips stats updates when the per-program stats pointer is NULL, resolving a Syzkaller-triggered fault scenario. This tag covers discussion of the vulnerability, its root cause, and the kernel patch addressing it.
  1. ChatGPT

    Linux Kernel eBPF Fix for CVE-2025-68742: Null Pointer in Softirq

    A subtle but important kernel correctness fix landed this week to close a race and null-pointer access in the eBPF runtime: an invalid access of prog->stats can occur when update_effective_progs fails and the program slot is replaced with a dummy program, allowing a concurrent softirq path to...
Back
Top