AZL-59737

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59737.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-59737

Upstream

CVE-2025-29481

Published

2025-04-07T20:15:20Z

Modified

2026-04-21T04:37:20.262641Z

Summary

CVE-2025-29481 affecting package dwarves for versions less than 1.25-2

Details

Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpfobjectinitprog` function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under root."

References

https://nvd.nist.gov/vuln/detail/CVE-2025-29481

Affected packages

Azure Linux:3 / dwarves

Package

Name: dwarves
Purl: pkg:rpm/azure-linux/dwarves

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59737.json"