CVE-2025-29481

EUVD-2025-10438
Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under root."
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.2 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Affected Products (NVD)
VendorProductVersion
libbpf_projectlibbpf
1.5.0
𝑥
= Vulnerable software versions
Azure Linux logo
Azure Linux Releases
Azure Package
Release
bcc
Azure Linux 3.0
0:0.29.1-3.azl3
fixed
dwarves
Azure Linux 3.0
0:1.25-2.azl3
fixed
libbpf
Azure Linux 3.0
0:1.2.2-2.azl3
fixed
CBL-Mariner 2.0
0:1.0.1-2.cm2
fixed