DEBIAN-CVE-2025-40169
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject negative offsets for ALU ops When verifying BPF programs, the check_alu_op() function validates instructions with ALU operations. The 'offset' field in these instructions is a signed 16-bit integer. The existing check 'insn->off > 1' was intended to ensure the offset is either 0, or 1 for BPF_MOD/BPF_DIV. However, because 'insn->off' is signed, this check incorrectly accepts all negative values (e.g., -1). This commit tightens the validation by changing the condition to '(insn->off != 0 && insn->off != 1)'. This ensures that any value other than the explicitly permitted 0 and 1 is rejected, hardening the verifier against malformed BPF programs.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | linux | 6.12.38-1, 6.12.41-1, 6.12.43-1 |
| Debian:14 | linux | 6.12.74-2, 6.12.74-2~bpo12+1, 6.13.10-1~exp1 |
Exploit Intelligence
- 4081.3.7.yml (github-poc)
Timeline
- Nov 12, 2025 CVE Published
- Apr 28, 2026 CVE Updated