CVE-2025-29481

EUVD-2025-10438
Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under root."
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.2 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
libbpf_projectlibbpf
1.5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md
https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md