AZL-59727

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59727.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-59727

Upstream

CVE-2025-29481

Published

2025-04-07T20:15:20Z

Modified

2026-04-21T04:37:20.185144Z

Summary

CVE-2025-29481 affecting package libbpf for versions less than 1.2.2-2

Details

Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpfobjectinitprog` function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under root."

References

https://nvd.nist.gov/vuln/detail/CVE-2025-29481

Affected packages

Azure Linux:3 / libbpf

Package

Name: libbpf
Purl: pkg:rpm/azure-linux/libbpf

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.2-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59727.json"