CVE-2025-68208

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-68208

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68208.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-68208

Downstream

BELL-CVE-2025-68208

DEBIAN-CVE-2025-68208

OESA-2026-1759

OESA-2026-1760

OESA-2026-1761

ROOT-OS-DEBIAN-13-CVE-2025-68208

ROOT-OS-UBUNTU-2404-CVE-2025-68208

SUSE-SU-2026:0278-1

SUSE-SU-2026:0281-1

SUSE-SU-2026:0315-1

SUSE-SU-2026:20207-1

SUSE-SU-2026:20220-1

SUSE-SU-2026:20228-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

UBUNTU-CVE-2025-68208

USN-8029-1

USN-8029-2

USN-8029-3

USN-8030-1

USN-8048-1

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8100-1

USN-8125-1

USN-8126-1

openSUSE-SU-2026:20145-1

Related

Published

2025-12-16T13:48:35.298Z

Modified

2026-03-20T12:46:17.956541Z

Summary

bpf: account for current allocated stack depth in widen_imprecise_scalars()

Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: account for current allocated stack depth in widenimprecisescalars()

The usage pattern for widenimprecisescalars() looks as follows:

prev_st = find_prev_entry(env, ...);
queued_st = push_stack(...);
widen_imprecise_scalars(env, prev_st, queued_st);

Where prevst is an ancestor of the queuedst in the explored states tree. This ancestor is not guaranteed to have same allocated stack depth as queued_st. E.g. in the following case:

def main():
  for i in 1..2:
    foo(i)        // same callsite, differnt param

def foo(i):
  if i == 1:
    use 128 bytes of stack
  iterator based loop

Here, for a second 'foo' call prevst->allocatedstack is 128, while queuedst->allocatedstack is much smaller. widenimprecisescalars() needs to take this into account and avoid accessing bpfverifierstate->frame[*]->stack out of bounds.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68208.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

ab470fefce2837e66b771c60858118d50bb5bb10

Fixed

64b12dca2b0abcb5fc0542887d18b926ea5cf711

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

2793a8b015f7f1caadb9bce9c63dc659f7522676

Fixed

9944c7938cd5b3f37b0afec0481c7c015e4f1c58

Fixed

57e04e2ff56e32f923154f0f7bc476fcb596ffe7

Fixed

b0c8e6d3d866b6a7f73877f71968dbffd27b7785

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68208.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.117

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.59

Fixed

6.17.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68208.json"