CVE-2025-68744

bpf: Free special fields when update [lru_,]percpu_hash maps

Severity Score

7.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: bpf: Free special fields when update [lru_,]percpu_hash maps As [lru_,]percpu_hash maps support BPF_KPTR_{REF,PERCPU}, missing
calls to 'bpf_obj_free_fields()' in 'pcpu_copy_value()' could cause the
memory referenced by BPF_KPTR_{REF,PERCPU} fields to be held until the
map gets freed. Fix this by calling 'bpf_obj_free_fields()' after
'copy_map_value[,_long]()' in 'pcpu_copy_value()'.

In the Linux kernel, the following vulnerability has been resolved: bpf: Free special fields when update [lru_,]percpu_hash maps As [lru_,]percpu_hash maps support BPF_KPTR_{REF,PERCPU}, missing calls to 'bpf_obj_free_fields()' in 'pcpu_copy_value()' could cause the memory referenced by BPF_KPTR_{REF,PERCPU} fields to be held until the map gets freed. Fix this by calling 'bpf_obj_free_fields()' after 'copy_map_value[,_long]()' in 'pcpu_copy_value()'.

These are all security issues fixed in the kernel-devel-6.18.5-1.1 package on the GA media of openSUSE Tumbleweed.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-12-24 CVE Reserved
2025-12-24 CVE Published
2026-02-09 CVE Updated
2026-04-25 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/65334e64a493c6a0976de7ad56bf8b7a9ff04b4a	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/994d6303ed0b84cbc795bb5becf7ed6de40d3f3c	2026-01-11
https://git.kernel.org/stable/c/3bf1378747e251571e0de15e7e0a6bf2919044e7	2025-12-18
https://git.kernel.org/stable/c/96a5cb7072cabbac5c66ac9318242c3bdceebb68	2025-12-18
https://git.kernel.org/stable/c/4a03d69cece145e4fb527464be29c3806aa3221e	2025-12-18
https://git.kernel.org/stable/c/6af6e49a76c9af7d42eb923703e7648cb2bf401a	2025-11-13

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.4 < 6.6.120 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.6.120"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.4 < 6.12.63 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.12.63"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.4 < 6.17.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.17.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.4 < 6.18.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.18.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.4 < 6.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.19"		en		Affected