{"id":"AZL-68840","summary":"CVE-2025-40078 affecting package kernel for versions less than 6.6.112.1-2","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Explicitly check accesses to bpf_sock_addr\n\nSyzkaller found a kernel warning on the following sock_addr program:\n\n    0: r0 = 0\n    1: r2 = *(u32 *)(r1 +60)\n    2: exit\n\nwhich triggers:\n\n    verifier bug: error during ctx access conversion (0)\n\nThis is happening because offset 60 in bpf_sock_addr corresponds to an\nimplicit padding of 4 bytes, right after msg_src_ip4. Access to this\npadding isn't rejected in sock_addr_is_valid_access and it thus later\nfails to convert the access.\n\nThis patch fixes it by explicitly checking the various fields of\nbpf_sock_addr in sock_addr_is_valid_access.\n\nI checked the other ctx structures and is_valid_access functions and\ndidn't find any other similar cases. Other cases of (properly handled)\npadding are covered in new tests in a subsequent patch.","modified":"2026-04-21T04:38:30.313889Z","published":"2025-10-28T12:15:42Z","upstream":["CVE-2025-40078"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40078"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.112.1-2"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68840.json"}}],"schema_version":"1.7.5"}