CVE-2025-68378

Syzkaller reported a KASAN slab-out-of-bounds write in __bpfgetstackid() when copying stack trace data. The issue occurs when the perf trace contains more stack entries than the stack map bucket can hold, leading to an out-of-bounds write in the bucket's data array.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68378.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

ee2a098851bfbe8bcdd964c0121f4246f00ff41e

Fixed

d1f424a77b6bd27b361737ed73df49a0158f1590

Fixed

2a008f6de163279deffd488c1deab081bce5667c

Fixed

4669a8db976c8cbd5427fe9945f12c5fa5168ff3

Fixed

23f852daa4bab4d579110e034e4d513f7d490846

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

90805175a206f784b6a77f16f07b07f6803e286b

Last affected

398ac11f4425d1e52aaf0d05d4fc90524e1a5b5e

Last affected

e750f78c4ed7cefbcefb9769b3b9e08033db39da

Last affected

6c4f243b58f5362e983386488b2d563764c567af

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68378.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.18.0

Fixed

6.12.63

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.17.13

Type: ECOSYSTEM
Events: Introduced

6.18.0

Fixed

6.18.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68378.json"