CVE-2025-29481: 
NixOS vulnerability analysis and mitigation

Buffer Overflow vulnerability in libbpf 1.5.0 was discovered and disclosed on April 7, 2025. The vulnerability affects the bpfobject_init_prog function of libbpf, allowing local attackers to execute arbitrary code. This security flaw has been assigned CVE-2025-29481 and received a CVSS 3.1 base score of 6.2 (Medium) from CISA-ADP (NVD, RedHat).

The vulnerability is classified as a heap buffer overflow (CWE-120) that occurs in the bpfobject_init_prog function within src/libbpf.c at line 850. The flaw stems from missing boundary checks when copying BPF program instructions from a malformed ELF file, which leads to memory corruption during memcpy operations. The vulnerability has been assigned a CVSS vector of CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating local access requirements with no privileges needed (GitHub POC).

The vulnerability can be exploited by a local attacker to execute arbitrary code or cause a denial of service (crash) through a crafted ELF file that triggers a heap buffer overflow. The impact primarily affects system availability, with potential for code execution that could compromise system security (RedHat).

Red Hat Enterprise Linux 9 is confirmed to be affected, while Red Hat Enterprise Linux 8 and Red Hat OpenShift Container Platform 4 are not affected. Users are advised to update to a patched version when available. Currently, the vulnerability remains unfixed in Debian's trixie and sid distributions running libbpf version 1.5.0-2 (Debian Tracker, RedHat).