Linux Kernel bpf: Avoid Invalid Stats Access after update_effective_progs Failure
CVE-2025-68742 Published on December 24, 2025
bpf: Fix invalid prog->stats access when update_effective_progs fails
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix invalid prog->stats access when update_effective_progs fails
Syzkaller triggers an invalid memory access issue following fault
injection in update_effective_progs. The issue can be described as
follows:

__cgroup_bpf_detach
  update_effective_progs
    compute_effective_progs
      bpf_prog_array_alloc <-- fault inject
  purge_effective_progs
    /* change to dummy_bpf_prog */
    array->items[index] = &dummy_bpf_prog.prog

---softirq start---
__do_softirq
  ...
    __cgroup_bpf_run_filter_skb
      __bpf_prog_run_save_cb
        bpf_prog_run
          stats = this_cpu_ptr(prog->stats)
          /* invalid memory access */
          flags = u64_stats_update_begin_irqsave(&stats->syncp)
---softirq end---

  static_branch_dec(&cgroup_bpf_enabled_key[atype])

The reason is that fault injection caused update_effective_progs to fail
and then changed the original prog into dummy_bpf_prog.prog in
purge_effective_progs. Then a softirq came, and accessing the members of
dummy_bpf_prog.prog in the softirq triggers invalid mem access.
To fix it, skip updating stats when stats is NULL.
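
The sequence in the call trace above, as a simplified userspace model added here for illustration; it is not the kernel patch or code from the kernel tree. The names `prog_stats`, `dummy_prog`, `detach_slot`, `run_filter` and both `prog_run_*` functions are hypothetical, and the placeholder returning "allow" is an assumption of the model.

```c
#include <stddef.h>
#include <stdint.h>

struct prog_stats { uint64_t cnt; };
struct prog {
    struct prog_stats *stats;      /* NULL for the placeholder */
    int (*func)(const void *ctx);  /* 1 = allow, 0 = drop */
};

int ret_allow(const void *ctx) { (void)ctx; return 1; }
int ret_drop(const void *ctx)  { (void)ctx; return 0; }

/* Stand-in for dummy_bpf_prog.prog: static object, stats never allocated. */
static struct prog dummy_prog = { NULL, ret_allow };

/* Pre-fix shape: unconditional dereference, faults when stats == NULL. */
int prog_run_unguarded(const struct prog *p, const void *ctx)
{
    p->stats->cnt++;
    return p->func(ctx);
}

/* Fixed shape: skip the stats update when stats is NULL. */
int prog_run_guarded(const struct prog *p, const void *ctx)
{
    if (p->stats)
        p->stats->cnt++;
    return p->func(ctx);
}

/* Detach error path: on the injected allocation failure the slot is
 * overwritten in place with the placeholder. Returns 1 if purged. */
int detach_slot(const struct prog **items, size_t index, int alloc_fails)
{
    if (alloc_fails)
        items[index] = &dummy_prog;
    return alloc_fails != 0;
}

/* Softirq-side filter: run each slot and combine the verdicts. */
int run_filter(const struct prog **items, size_t n, const void *ctx)
{
    int verdict = 1;
    for (size_t i = 0; i < n; i++)
        verdict &= prog_run_guarded(items[i], ctx);
    return verdict;
}
```

Swapping `prog_run_guarded` for `prog_run_unguarded` inside `run_filter` reproduces the fault in this model as soon as a purged slot is run.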
Products Associated with CVE-2025-68742
Affected Versions
Linux:
- From commit 492ecee892c2a4ba6a14903d5d586ff750b7e805 up to, but not including, 93d1964773ff513c9bd530f7686d3e48b786fa6b is affected.
- From commit 492ecee892c2a4ba6a14903d5d586ff750b7e805 up to, but not including, bf2c990b012100610c0f1ec5c4ea434da2d080c2 is affected.
- From commit 492ecee892c2a4ba6a14903d5d586ff750b7e805 up to, but not including, 539137e3038ce6f953efd72110110f03c14c7d97 is affected.
- From commit 492ecee892c2a4ba6a14903d5d586ff750b7e805 up to, but not including, 56905bb70c8b88421709bb4e32fcba617aa37d41 is affected.
- From commit 492ecee892c2a4ba6a14903d5d586ff750b7e805 up to, but not including, 2579c356ccd35d06238b176e4b460978186d804b is affected.
- From commit 492ecee892c2a4ba6a14903d5d586ff750b7e805 up to, but not including, 7dc211c1159d991db609bdf4b0fb9033c04adcbc is affected.
- Version 5.1 is affected.
- Versions before 5.1 are unaffected.
- Version 6.1.160 and later 6.1.* releases are unaffected.
- Version 6.6.120 and later 6.6.* releases are unaffected.
- Version 6.12.63 and later 6.12.* releases are unaffected.
- Version 6.17.13 and later 6.17.* releases are unaffected.
- Version 6.18.2 and later 6.18.* releases are unaffected.
- Version 6.19 and later are unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.