CVE-2025-68227

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/12/2025
Last modified:
16/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

mptcp: Fix proto fallback detection with BPF

The sockmap feature allows bpf syscall from userspace, or based on bpf sockops, replacing the sk_prot of sockets during protocol stack processing with sockmap's custom read/write interfaces.
'''
tcp_rcv_state_process()
syn_recv_sock()/subflow_syn_recv_sock()
tcp_init_transfer(BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB)
bpf_skops_established ops.

This fix uses the more generic sk_family for the comparison instead.

Additionally, this also prevents a WARNING from occurring:

result from ./scripts/decode_stacktrace.sh:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 337 at net/mptcp/protocol.c:68 mptcp_stream_accept \
(net/mptcp/protocol.c:4005)
Modules linked in:
...

PKRU: 55555554
Call Trace:

do_accept (net/socket.c:1989)
__sys_accept4 (net/socket.c:2028 net/socket.c:2057)
__x64_sys_accept (net/socket.c:2067)
x64_sys_call (arch/x86/entry/syscall_64.c:41)
do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
RIP: 0033:0x7f87ac92b83d

---[ end trace 0000000000000000 ]---

Impact