[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2025-40123":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":19,"related":20,"reserved_at":9,"published_at":21,"modified_at":22,"state":9,"summary":23,"references_raw":25,"kevs":32,"epss":9,"epss_history":33,"metrics":34,"affected":35},"DEBIAN-CVE-2025-40123","In the Linux kernel, the following vulnerability has been resolved:  bpf: Enforce expected_attach_type for tailcall compatibility  Yinhao et al. recently reported:    Our fuzzer tool discovered an uninitialized pointer issue in the   bpf_prog_test_run_xdp() function within the Linux kernel's BPF subsystem.   This leads to a NULL pointer dereference when a BPF program attempts to   dereference the txq member of struct xdp_buff object.  The test initializes two programs of BPF_PROG_TYPE_XDP: progA acts as the entry point for bpf_prog_test_run_xdp() and its expected_attach_type can be neither BPF_XDP_DEVMAP nor BPF_XDP_CPUMAP. progA calls into a slot of a tailcall map it owns. progB's expected_attach_type must be BPF_XDP_DEVMAP to pass xdp_is_valid_access() validation. The program returns struct xdp_md's egress_ifindex, and the latter is only allowed to be accessed under mentioned expected_attach_type. progB is then inserted into the tailcall which progA calls.  The underlying issue goes beyond XDP though. Another example are programs of type BPF_PROG_TYPE_CGROUP_SOCK_ADDR. sock_addr_is_valid_access() as well as sock_addr_func_proto() have different logic depending on the programs' expected_attach_type. Similarly, a program attached to BPF_CGROUP_INET4_GETPEERNAME should not be allowed doing a tailcall into a program which calls bpf_bind() out of BPF which is only enabled for BPF_CGROUP_INET4_CONNECT.  
In short, specifying expected_attach_type allows to open up additional functionality or restrictions beyond what the basic bpf_prog_type enables. The use of tailcalls must not violate these constraints. Fix it by enforcing expected_attach_type in __bpf_prog_map_compatible().  Note that we only enforce this for tailcall maps, but not for BPF devmaps or cpumaps: There, the programs are invoked through dev_map_bpf_prog_run*() and cpu_map_bpf_prog_run*() which set up a new environment / context and therefore these situations are not prone to this issue.",null,[],[],[],[14],{"_key":15},"CVE-2025-40123",[17],{"_key":18},"DLA-4379-1",[],[],"2025-11-12T11:15:41.807Z","2026-04-28T20:30:27.412976Z",{"cisa_kev":24,"cisa_ransomware":24,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[26],{"url":27,"sources":28,"tags":30},"https://security-tracker.debian.org/tracker/CVE-2025-40123",[29],"osv_debian",[31],"Advisory",[],[],[],[36,56],{"ecosystem":37,"name":38,"vendor":39,"product":38,"cpe_part":9,"purl_type":40,"purl_namespace":39,"purl_name":38,"source":9,"versions":41},"Debian","linux","debian","deb",[42,46,50,53],{"version":43,"is_range":44,"range_type":45,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all",true,"ecosystem",{"version":47,"is_range":44,"range_type":45,"version_start":9,"version_start_type":9,"version_end":48,"version_end_type":49,"fixed_in":9},"lt6_1_158_1","6.1.158-1","excluding",{"version":51,"is_range":44,"range_type":45,"version_start":9,"version_start_type":9,"version_end":52,"version_end_type":49,"fixed_in":9},"lt6_12_57_1","6.12.57-1",{"version":54,"is_range":44,"range_type":45,"version_start":9,"version_start_type":9,"version_end":55,"version_end_type":49,"fixed_in":9},"lt6_17_6_1","6.17.6-1",{"ecosystem":37,"name":57,"vendor":39,"product":57,"cpe_part":9,"purl_type":40,"purl_namespace":39,
"purl_name":57,"source":9,"versions":58},"linux-6.1",[59],{"version":60,"is_range":44,"range_type":45,"version_start":9,"version_start_type":9,"version_end":61,"version_end_type":49,"fixed_in":9},"lt6_1_158_1~deb11u1","6.1.158-1~deb11u1"]