CVE-2025-40050
- Source
- https://cve.org/CVERecord?id=CVE-2025-40050
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40050.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-40050
- Downstream
- Related
- Published
- 2025-10-28T11:48:26.654Z
- Modified
- 2026-05-15T04:13:45.132232686Z
- Summary
- bpf: Skip scalar adjustment for BPF_NEG if dst is a pointer
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bpf: Skip scalar adjustment for BPF_NEG if dst is a pointer
In checkaluop(), the verifier currently calls checkregarg() and adjustscalarminmaxvals() unconditionally for BPF_NEG operations. However, if the destination register holds a pointer, these scalar adjustments are unnecessary and potentially incorrect.
This patch adds a check to skip the adjustment logic when the destination register contains a pointer.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40050.json" }- References
-
- https://git.kernel.org/stable/c/34904582b502a86fdb4d7984b12cacd2faabbe0d
- https://git.kernel.org/stable/c/b9ef4963227246b9222e1559ddeec8e7af63e6c6
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40050.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-40050
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git