Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68840.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-68840
Upstream
Published
2025-10-28T12:15:42Z
Modified
2026-04-01T05:21:29.663260Z
Summary
CVE-2025-40078 affecting package kernel for versions less than 6.6.112.1-2
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Explicitly check accesses to bpf_sock_addr

Syzkaller found a kernel warning on the following sock_addr program:

0: r0 = 0
1: r2 = *(u32 *)(r1 +60)
2: exit

which triggers:

verifier bug: error during ctx access conversion (0)

This is happening because offset 60 in bpf_sock_addr corresponds to an implicit padding of 4 bytes, right after msg_src_ip4. Access to this padding isn't rejected in sock_addr_is_valid_access and it thus later fails to convert the access.

This patch fixes it by explicitly checking the various fields of bpf_sock_addr in sock_addr_is_valid_access.

I checked the other ctx structures and is_valid_access functions and didn't find any other similar cases. Other cases of (properly handled) padding are covered in new tests in a subsequent patch.
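The failure mode described above, as an added userspace model (not the kernel's code, nor part of this record): a mirror of the uapi struct bpf_sock_addr layout (assumption: copied from include/uapi/linux/bpf.h, with the trailing __bpf_md_ptr member modelled as an 8-byte-aligned u64 to pin the 64-bit layout), an explicit per-field allow-list in the spirit of the fix, and a check that the 4-byte hole at offset 60 is rejected rather than passed on to ctx conversion. The function and type names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
/* Userspace mirror of struct bpf_sock_addr (assumption: layout copied from
 * include/uapi/linux/bpf.h; sk modelled as an 8-byte-aligned u64). */
struct sock_addr_ctx {
    uint32_t user_family;
    uint32_t user_ip4;
    uint32_t user_ip6[4];
    uint32_t user_port;
    uint32_t family;
    uint32_t type;
    uint32_t protocol;
    uint32_t msg_src_ip4;
    uint32_t msg_src_ip6[4];
    __attribute__((aligned(8))) uint64_t sk; /* __bpf_md_ptr(struct bpf_sock *, sk) */
};
/* Explicit allow-list of fields a program may read: [off, end) and the
 * access width each permits. Bytes not listed (padding) are rejected. */
struct field { size_t off, end, width; };
#define F(n, w) { offsetof(struct sock_addr_ctx, n), \
    offsetof(struct sock_addr_ctx, n) + sizeof(((struct sock_addr_ctx *)0)->n), w }
static const struct field fields[] = {
    F(user_family, 4), F(user_ip4, 4), F(user_ip6, 4), F(user_port, 4),
    F(family, 4), F(type, 4), F(protocol, 4), F(msg_src_ip4, 4),
    F(msg_src_ip6, 4), F(sk, 8),
};
#define NFIELDS (sizeof fields / sizeof fields[0])
/* Model of a per-field is_valid_access check: the access must lie inside one
 * listed field, use that field's width and be naturally aligned. Returns 1/0. */
int sock_addr_access_ok(size_t off, size_t size)
{
    for (size_t i = 0; i < NFIELDS; i++) {
        const struct field *f = &fields[i];
        if (off >= f->off && off + size <= f->end)
            return size == f->width && off % f->width == 0;
    }
    return 0;   /* e.g. offset 60: the 4-byte hole before sk matches no field */
}
/* First byte offset of the struct that no listed field covers, or -1. */
long first_padding_offset(void)
{
    for (size_t off = 0; off < sizeof(struct sock_addr_ctx); off++) {
        int covered = 0;
        for (size_t i = 0; i < NFIELDS; i++)
            if (off >= fields[i].off && off < fields[i].end) covered = 1;
        if (!covered) return (long)off;
    }
    return -1;
}
```

Without the allow-list, a range check against sizeof(struct sock_addr_ctx) alone would accept offset 60 and hand a load with no backing field to the later conversion step.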

References

Affected packages

Azure Linux:3 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.6.112.1-2

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68840.json"