CVE-2025-68742

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/12/2025
Last modified:
24/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix invalid prog->stats access when update_effective_progs fails

Syzkaller triggers an invalid memory access issue following fault
injection in update_effective_progs. The issue can be described as
follows:

__cgroup_bpf_detach
update_effective_progs
compute_effective_progs
bpf_prog_array_alloc items[index] = &dummy_bpf_prog.prog

---softirq start---
__do_softirq
...
__cgroup_bpf_run_filter_skb
__bpf_prog_run_save_cb
bpf_prog_run
stats = this_cpu_ptr(prog->stats)
/* invalid memory access */
flags = u64_stats_update_begin_irqsave(&stats->syncp)
---softirq end---

static_branch_dec(&cgroup_bpf_enabled_key[atype])

The reason is that fault injection caused update_effective_progs to fail
and then changed the original prog into dummy_bpf_prog.prog in
purge_effective_progs. Then a softirq came, and accessing the members of
dummy_bpf_prog.prog in the softirq triggers invalid mem access.

To fix it, skip updating stats when stats is NULL.
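
A userspace model of the failure mode and fix described above, added here as an illustration and not taken from the kernel patch. The struct layout and the functions `purge_slot`, `prog_run` and `scenario` are hypothetical stand-ins for the kernel structures and functions the description names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model only; names echo the description, this is not kernel code. */
struct prog_stats { uint64_t cnt; };
struct prog {
    struct prog_stats *stats;      /* NULL for the placeholder program */
    int (*run)(const void *ctx);
};

static int allow_all(const void *ctx) { (void)ctx; return 1; }

/* Stand-in for dummy_bpf_prog.prog: a placeholder that carries no stats. */
static struct prog dummy_prog = { NULL, allow_all };

/* Stand-in for purge_effective_progs: after a failed update, the detached
 * program's slot in the effective array is overwritten with the placeholder. */
static void purge_slot(struct prog **items, size_t n, const struct prog *victim)
{
    for (size_t i = 0; i < n; i++)
        if (items[i] == victim)
            items[i] = &dummy_prog;
}

/* Runner with the fix applied: skip the stats update when stats is NULL.
 * Without the check, the placeholder's slot leads to a NULL dereference. */
static int prog_run(const struct prog *p, const void *ctx)
{
    int ret = p->run(ctx);
    if (p->stats)
        p->stats->cnt++;
    return ret;
}

/* Constructed scenario: a and b are attached, detaching a fails and its slot
 * is purged, then the array runs twice. Returns b's run count, -1 on error. */
static long scenario(void)
{
    struct prog_stats sa = {0}, sb = {0};
    struct prog a = { &sa, allow_all }, b = { &sb, allow_all };
    struct prog *items[] = { &a, &b };
    purge_slot(items, 2, &a);
    for (int pass = 0; pass < 2; pass++)
        for (size_t i = 0; i < 2; i++)
            if (prog_run(items[i], NULL) != 1)
                return -1;
    return (items[0] == &dummy_prog && sa.cnt == 0) ? (long)sb.cnt : -1;
}
int main(void) { printf("b ran %ld times\n", scenario()); return 0; }
```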

Impact