CVE-2025-68378

Vulnerability

A slab-out-of-bounds write vulnerability exists in the Linux kernel's BPF subsystem within the __bpf_get_stackid() function. The overflow check fails to properly handle stack traces containing more entries than the allocated stack map bucket can accommodate, leading to an out-of-bounds write in the bucket's data array, as reported by syzkaller via KASAN.

Exploitation

Triggering the vulnerability requires a local user with the ability to load and run BPF programs, specifically those that capture stack traces using bpf_get_stackid(). No additional privileges are needed; any process with CAP_BPF or access to BPF operations can potentially exploit this flaw.

Impact

An attacker successfully exploiting this vulnerability can write beyond the bounds of a kernel slab allocation, potentially corrupting adjacent kernel memory. This can lead to system instability, denial of service, or escalation of privileges, depending on the memory layout.

Mitigation

The issue has been patched in the Linux kernel stable tree via commits [1] and [2]. Users are advised to update their kernels to the latest patched versions to remediate the vulnerability.