Unrated severityNVD Advisory· Published Oct 28, 2025· Updated Apr 15, 2026
CVE-2025-40050
CVE-2025-40050
Description
In the Linux kernel, the following vulnerability has been resolved:
bpf: Skip scalar adjustment for BPF_NEG if dst is a pointer
In check_alu_op(), the verifier currently calls check_reg_arg() and adjust_scalar_min_max_vals() unconditionally for BPF_NEG operations. However, if the destination register holds a pointer, these scalar adjustments are unnecessary and potentially incorrect.
This patch adds a check to skip the adjustment logic when the destination register contains a pointer.
Affected products
4- osv-coords3 versionspkg:linux/kernelpkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/kernel-source-longterm&distro=openSUSE%20Tumbleweed
>= 6.17.0, < 6.17.3+ 2 more
- (no CPE)range: >= 6.17.0, < 6.17.3
- (no CPE)range: < 6.17.7-1.1
- (no CPE)range: < 6.18.16-1.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.