Fixed
Created: Nov 12, 2025
Updated: Nov 25, 2025
Resolved Date: Nov 24, 2025
Found In Version: 10.25.33.1
Fix Version: 10.25.33.3
Severity: Standard
Applicable for: Wind River Linux LTS 25
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:

bpf: Reject negative offsets for ALU ops

When verifying BPF programs, the check_alu_op() function validates instructions with ALU operations. The 'offset' field in these instructions is a signed 16-bit integer.

The existing check 'insn->off > 1' was intended to ensure the offset is either 0, or 1 for BPF_MOD/BPF_DIV. However, because 'insn->off' is signed, this check incorrectly accepts all negative values (e.g., -1).

This commit tightens the validation by changing the condition to '(insn->off != 0 && insn->off != 1)'. This ensures that any value other than the explicitly permitted 0 and 1 is rejected, hardening the verifier against malformed BPF programs.
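
The signed-comparison flaw described above, as an added example that is not the kernel's code and not part of this advisory: a simplified model of the offset predicate alone, evaluated over every possible 16-bit value. The function names are hypothetical, and the opcode-dependent part of the check (1 being valid only for BPF_MOD/BPF_DIV) is left out.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of the offset test only (assumption: this is NOT the
 * kernel's check_alu_op()). Each predicate returns nonzero on rejection. */
static int off_rejected_before(int16_t off)
{
    return off > 1;               /* signed compare: every negative value passes */
}

static int off_rejected_after(int16_t off)
{
    return off != 0 && off != 1;  /* only the two permitted values pass */
}

/* Count how many of the 65536 possible 16-bit offsets a predicate accepts. */
static long count_accepted(int (*rejected)(int16_t))
{
    long n = 0;
    for (int32_t v = INT16_MIN; v <= INT16_MAX; v++)
        if (!rejected((int16_t)v))
            n++;
    return n;
}

/* Count offsets the old predicate accepted that the new one rejects. */
static long count_newly_rejected(void)
{
    long n = 0;
    for (int32_t v = INT16_MIN; v <= INT16_MAX; v++)
        if (!off_rejected_before((int16_t)v) && off_rejected_after((int16_t)v))
            n++;
    return n;
}

int main(void)
{
    printf("accepted before: %ld\n", count_accepted(off_rejected_before));
    printf("accepted after:  %ld\n", count_accepted(off_rejected_after));
    printf("newly rejected:  %ld\n", count_newly_rejected());
    return 0;
}
```

The old predicate lets through the entire negative half of the range in addition to 0 and 1; the allow-list form leaves exactly two accepted values.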