Acknowledged
Created: Oct 29, 2025
Updated: Oct 30, 2025
Found In Version: 10.25.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 25
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:

bpf: Explicitly check accesses to bpf_sock_addr

Syzkaller found a kernel warning on the following sock_addr program:

    0: r0 = 0
    1: r2 = *(u32 *)(r1 +60)
    2: exit

which triggers:

    verifier bug: error during ctx access conversion (0)

This is happening because offset 60 in bpf_sock_addr corresponds to an implicit padding of 4 bytes, right after msg_src_ip4. Access to this padding isn't rejected in sock_addr_is_valid_access and it thus later fails to convert the access.

This patch fixes it by explicitly checking the various fields of bpf_sock_addr in sock_addr_is_valid_access.

I checked the other ctx structures and is_valid_access functions and didn't find any other similar cases. Other cases of (properly handled) padding are covered in new tests in a subsequent patch.
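The padding hole at offset 60 can be located mechanically. The C program below is an added example, not code from the kernel patch or from this advisory: `struct sock_addr_ctx` is a constructed local mirror of the bpf_sock_addr field layout (an assumption), and `first_hole`, `range_only_ok` and `explicit_ok` are hypothetical helpers that contrast a simplified bounds-and-alignment check with a per-field check of the kind the fix describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed local mirror of the bpf_sock_addr field layout (assumption). */
struct sock_addr_ctx {
    uint32_t user_family, user_ip4, user_ip6[4], user_port;
    uint32_t family, type, protocol;
    uint32_t msg_src_ip4, msg_src_ip6[4];
    uint64_t sk __attribute__((aligned(8))); /* stands in for the 8-byte sk slot */
};
struct field { const char *name; size_t off, size; };
#define F(m) { #m, offsetof(struct sock_addr_ctx, m), \
               sizeof(((struct sock_addr_ctx *)0)->m) }
static const struct field fields[] = {  /* listed in declaration order */
    F(user_family), F(user_ip4), F(user_ip6), F(user_port), F(family),
    F(type), F(protocol), F(msg_src_ip4), F(msg_src_ip6), F(sk),
};
#define NFIELDS (sizeof(fields) / sizeof(fields[0]))

/* Offset of the first implicit padding hole, or -1; its size goes to *len. */
static long first_hole(size_t *len) {
    size_t end = 0;
    for (size_t i = 0; i < NFIELDS; i++) {
        if (fields[i].off > end) { *len = fields[i].off - end; return (long)end; }
        end = fields[i].off + fields[i].size;
    }
    return -1;
}

/* Simplified bounds-and-alignment check: padding is not distinguished. */
static int range_only_ok(size_t off, size_t size) {
    return size && off % size == 0 && off + size <= sizeof(struct sock_addr_ctx);
}

/* Explicit check: the access must fall entirely inside one named field. */
static int explicit_ok(size_t off, size_t size) {
    for (size_t i = 0; size && i < NFIELDS; i++)
        if (off >= fields[i].off && off + size <= fields[i].off + fields[i].size)
            return 1;
    return 0;
}

int main(void) {
    size_t len = 0;
    long off = first_hole(&len);
    printf("hole at %ld (%zu bytes): range_only=%d explicit=%d\n", off, len, range_only_ok(60, 4), explicit_ok(60, 4));
    return 0;
}
```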