CVE-2025-68355
Description
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix exclusive map memory leak
When excl_prog_hash is 0 and excl_prog_hash_size is non-zero, the map also needs to be freed. Otherwise, the map memory will not be reclaimed, just like the memory leak problem reported by syzbot [1].
syzbot reported:
BUG: memory leak
backtrace (crc 7b9fb9b4):
  map_create+0x322/0x11e0 kernel/bpf/syscall.c:1512
  __sys_bpf+0x3556/0x3610 kernel/bpf/syscall.c:6131
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel, a failure to free a BPF map when excl_prog_hash is 0 but excl_prog_hash_size is non-zero leads to a memory leak.
Vulnerability Description
The vulnerability is a memory leak in the Linux kernel's BPF subsystem. When a BPF map is created, the kernel allocates memory for an exclusive program hash (excl_prog_hash) and stores its size (excl_prog_hash_size). If excl_prog_hash is 0 but excl_prog_hash_size is non-zero, the map is not freed properly, causing the allocated memory to remain unreclaimed [1].
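The error-path pattern described above, as a user-space C model added here for illustration; it is not the kernel's code or the upstream patch. Only the excl_prog_hash and excl_prog_hash_size names come from this page; the struct, the model_* functions, the 64-byte allocation and the -EINVAL return are assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Model only: every name except the excl_prog_* fields is hypothetical. */
struct model_attr {
    uint64_t excl_prog_hash;      /* 0 means no hash was supplied */
    uint32_t excl_prog_hash_size; /* claimed hash length in bytes */
};
static long live_maps;            /* maps allocated and not yet freed */
static void *model_map_alloc(void)
{
    void *map = calloc(1, 64);    /* 64 bytes is an arbitrary stand-in */
    if (!map)
        abort();                  /* allocation failure is not modelled */
    live_maps++;
    return map;
}
static void model_map_free(void *map) { live_maps--; free(map); }

/* Leaky shape: the inconsistent pair is rejected with no cleanup. */
static int model_map_create_leaky(const struct model_attr *attr)
{
    void *map = model_map_alloc();
    if (!attr->excl_prog_hash && attr->excl_prog_hash_size)
        return -EINVAL;           /* assumed errno; map stays allocated */
    model_map_free(map);          /* stand-in for the map's normal lifetime */
    return 0;
}

/* Fixed shape: the same rejection also releases the map. */
static int model_map_create_fixed(const struct model_attr *attr)
{
    int err = 0;
    void *map = model_map_alloc();
    if (!attr->excl_prog_hash && attr->excl_prog_hash_size)
        err = -EINVAL;            /* rejected, then freed below */
    model_map_free(map);
    return err;
}

/* Net maps left allocated after `calls` rejected creation attempts. */
static long leaked_after(int (*create)(const struct model_attr *), int calls)
{
    struct model_attr bad = { 0, 32 }; /* constructed input: no hash, size 32 */
    long before = live_maps;
    for (int i = 0; i < calls; i++)
        create(&bad);
    return live_maps - before;
}
```

In the model, every rejected call through the leaky shape leaves one allocation behind, while the fixed shape returns the same error with nothing left allocated.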
Attack Vector and Requirements
The issue is triggered during map creation via the map_create function in kernel/bpf/syscall.c. An attacker needs the ability to invoke BPF system calls (e.g., via bpf()) to create a map with specific parameters that result in the faulty state. No other privileges or network access are required; the bug is exploitable locally by any user who can interact with the BPF subsystem [1].
Impact
Successfully exploiting this memory leak leads to a denial of service through gradual memory exhaustion. Repeated map creations can cause the system to run out of memory, impacting availability. The leak does not provide code execution or privilege escalation [1].
Mitigation
The fix has been committed in the Linux kernel stable tree [1]. Users should apply the patch identified by commit f0022551745d72fc0e7bc8601234d690dee2178d to their systems. No workar The vulnerability is not listed on the CISA KEV catalog at this time.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 2
News mentions: 0
No linked articles in our index yet.