THREATINT
PUBLISHED

CVE-2025-37807

bpf: Fix kmemleak warning for percpu hashmap



Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix kmemleak warning for percpu hashmap

Vlad Poenaru reported the following kmemleak issue:

  unreferenced object 0x606fd7c44ac8 (size 32):
    backtrace (crc 0):
      pcpu_alloc_noprof+0x730/0xeb0
      bpf_map_alloc_percpu+0x69/0xc0
      prealloc_init+0x9d/0x1b0
      htab_map_alloc+0x363/0x510
      map_create+0x215/0x3a0
      __sys_bpf+0x16b/0x3e0
      __x64_sys_bpf+0x18/0x20
      do_syscall_64+0x7b/0x150
      entry_SYSCALL_64_after_hwframe+0x4b/0x53

Further investigation shows the reason is due to not 8-byte aligned store of percpu pointer in htab_elem_set_ptr():

  *(void __percpu **)(l->key + key_size) = pptr;

Note that the whole htab_elem alignment is 8 (for x86_64). If the key_size is 4, that means pptr is stored in a location which is 4 byte aligned but not 8 byte aligned. In mm/kmemleak.c, scan_block() scans the memory based on 8 byte stride, so it won't detect above pptr, hence reporting the memory leak.

In htab_map_alloc(), we already have

  htab->elem_size = sizeof(struct htab_elem) +
                    round_up(htab->map.key_size, 8);
  if (percpu)
          htab->elem_size += sizeof(void *);
  else
          htab->elem_size += round_up(htab->map.value_size, 8);

So storing pptr with 8-byte alignment won't cause any problem and can fix kmemleak too.

The issue can be reproduced with bpf selftest as well:

  1. Enable CONFIG_DEBUG_KMEMLEAK config
  2. Add a getchar() before skel destroy in test_hash_map() in prog_tests/for_each.c. The purpose is to keep map available so kmemleak can be detected.
  3. run './test_progs -t for_each/hash_map &' and a kmemleak should be reported.
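The alignment effect described above can be modelled in user space. The following is an added example, not code from the kernel or from the fix: it lays out a header, a key and an 8-byte pointer the way the description does and runs a simplified 8-byte-stride scan over the element. The header size, the key fill byte, the helper names and the exact-match scan are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROUND_UP(x, a) ((((x) + (a) - 1) / (a)) * (a))
#define HDR_SIZE 48u /* constructed, 8-byte multiple; not the real sizeof(struct htab_elem) */

/* Simplified model of an 8-byte-stride scan: only aligned 8-byte words are
 * compared. The real scan_block() looks each word up among tracked objects. */
static int scan_finds(const unsigned char *block, size_t len, uint64_t target)
{
    for (size_t off = 0; off + sizeof(uint64_t) <= len; off += sizeof(uint64_t)) {
        uint64_t word;
        memcpy(&word, block + off, sizeof(word));
        if (word == target)
            return 1;
    }
    return 0;
}

/* Lay out header | key | pptr (key_size <= 64) and report whether the scan sees pptr.
 * aligned_store == 0: pointer at key + key_size (the store quoted above).
 * aligned_store == 1: pointer at key + round_up(key_size, 8). */
static int pptr_visible(size_t key_size, int aligned_store)
{
    uint64_t storage[16] = {0};               /* 128 bytes, 8-byte aligned */
    unsigned char *elem = (unsigned char *)storage;
    const uint64_t pptr = 0x606fd7c44ac8ULL;  /* sample value taken from the report */
    size_t elem_size = HDR_SIZE + ROUND_UP(key_size, 8) + sizeof(pptr);
    size_t off = HDR_SIZE + (aligned_store ? ROUND_UP(key_size, 8) : key_size);

    memset(elem + HDR_SIZE, 0xAA, key_size);  /* constructed key bytes */
    memcpy(elem + off, &pptr, sizeof(pptr));
    return scan_finds(elem, elem_size, pptr);
}

int main(void)
{
    size_t sizes[] = {4, 8, 12};
    for (size_t i = 0; i < 3; i++)
        printf("key_size=%zu unaligned=%d aligned=%d\n", sizes[i],
               pptr_visible(sizes[i], 0), pptr_visible(sizes[i], 1));
    return 0;
}
```

Only key sizes that are not a multiple of 8 hide the pointer from the scan, and the element size does not change between the two layouts because elem_size already rounds the key up to 8.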

Reserved 2025-04-16 | Published 2025-05-08 | Updated 2025-05-08 | Assigner Linux

Product status

Default status: unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 7758e308aeda1038aba1944f7302d34161b3effe: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 1f1c29aa1934177349c17e3c32e68ec38a7a56df: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 11ba7ce076e5903e7bdc1fd1498979c331b3c286: affected

Default status: affected

6.12.26: unaffected
6.14.5: unaffected
6.15-rc1: unaffected

References

git.kernel.org/...c/7758e308aeda1038aba1944f7302d34161b3effe

git.kernel.org/...c/1f1c29aa1934177349c17e3c32e68ec38a7a56df

git.kernel.org/...c/11ba7ce076e5903e7bdc1fd1498979c331b3c286

cve.org (CVE-2025-37807)

nvd.nist.gov (CVE-2025-37807)
