| Name | CVE-2025-29481 |
| Description | Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under root." |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 1102672 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| libbpf (PTS) | bullseye | 0.3-2 | vulnerable |
| bullseye (security) | 0.3-2+deb11u1 | vulnerable | |
| bookworm | 1.1.2-0+deb12u1 | vulnerable | |
| trixie | 1.5.0-3 | fixed | |
| forky, sid | 1.6.2-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libbpf | source | (unstable) | 1.5.0-3 | unimportant | 1102672 |
https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md
https://github.com/libbpf/libbpf/issues/898
https://lore.kernel.org/bpf/20250410095517.141271-1-vmalik@redhat.com/
Disputed libbpf issue (was also filed as #1102672):
https://lore.kernel.org/bpf/67b2be76-e1db-4163-995c-57073f127d7a@redhat.com/
https://lore.kernel.org/bpf/CAEf4Bzb2S+1TonOp9UH86r0e6aGG2LEA4kwbQhJWr=9Xju=NEw@mail.gmail.com/