Source: libbpf Version: 1.5.0-2 Severity: important Tags: security upstream Forwarded: https://github.com/libbpf/libbpf/issues/898 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for libbpf. CVE-2025-29481[0]: | Buffer Overflow vulnerability in libbpf 1.5.0 allows a local | attacker to execute arbitrary code via the bpf_object__init_prog` | function of libbpf. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-29481 https://www.cve.org/CVERecord?id=CVE-2025-29481 [1] https://github.com/libbpf/libbpf/issues/898 [2] https://lore.kernel.org/bpf/20250410095517.141271-1-vma...@redhat.com/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore
