CVE-2025-68208
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/12/2025
Last modified:
16/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

bpf: account for current allocated stack depth in widen_imprecise_scalars()

The usage pattern for widen_imprecise_scalars() looks as follows:

    prev_st = find_prev_entry(env, ...);
    queued_st = push_stack(...);
    widen_imprecise_scalars(env, prev_st, queued_st);

Where prev_st is an ancestor of the queued_st in the explored states
tree. This ancestor is not guaranteed to have the same allocated stack
depth as queued_st. E.g. in the following case:

    def main():
        for i in 1..2:
            foo(i) // same callsite, different param

    def foo(i):
        if i == 1:
            use 128 bytes of stack
        iterator based loop

Here, for a second 'foo' call prev_st->allocated_stack is 128,
while queued_st->allocated_stack is much smaller.
widen_imprecise_scalars() needs to take this into account and avoid
accessing bpf_verifier_state->frame[*]->stack out of bounds.