398 matches found
CVE-2026-53081
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF verifier. This vulnerability occurs due to inconsistent base ID mapping when the regsafe function compares scalar registers with BPFADDCONST values. This inconsistency allows the BPF verifier to incorrectly succeed in state pruning...
CVE-2026-53090
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF verifier. When ldabs,ind instructions are used in BPF subprograms, the verifier fails to correctly simulate the abnormal exit path if packet data loading fails. This oversight could lead to unexpected behavior or bypass of security...
CVE-2026-53090
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix ldabs,ind failure path analysis in subprogs Usage of ldabs,ind instructions got extended into subprogs some time ago via commit 09b28d76eac4 "bpf: Add abnormal return checks.". These are only allowed in subprograms when...
CVE-2026-53090
The CVE-2026-53090 entry describes a Linux kernel BPF verifier flaw: when using ld_abs/ld_ind in subprogs, the verifier failed to simulate abnormal exits if packet loads failed. This is tied to the code path for bpf_gen_ld_abs() and affects subprograms that are BTF-annotated with scalar return ty...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed an incorrect scalar handling in the maybeforkscalars function for BPFOR. The maybeforkscalars function is called for both BPFAND and BPFOR when the source operand is a constant. When dst has a signed range of -1, 0, it...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Fixed the overloading of the meaning of MEMUNINIT Lonial reported an issue with the BPF verifier, where the checkmemsizereg function contains the following code: c if !tnumisconstreg-varoff / For unprivileged variable...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: synclinked regs must preserve subregdef Range propagation must not affect subregdef marks. Otherwise, the following example is rewritten incorrectly by the verifier when the BPFFTESTRNDHI32 flag is set: 0: call bpfktimegetns...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Accounting for the currently allocated stack depth in widenimprecisescalars The usage pattern of widenimprecisescalars is as follows: python prevst = findpreventryenv, ...; queuedst = pushstack...; widenimprecisescalarsenv,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Skip invalid kfunc call in backtrackinsn The verifier skips invalid kfunc calls in checkkfunccall. Such calls would be caught by fixupkfunccall if they aren’t eliminated through dead code elimination. However, this can lead ...
Astra Linux – Vulnerability in Linux
A issue was discovered in the Linux kernel through version 5.11.x. The kernel/bpf/verifier.c file contains unwanted out-of-bounds speculation during pointer arithmetic operations, which allows for side-channel attacks that circumvent Spectre mitigations and extract sensitive information from kern...
Linux Distros Unpatched Vulnerability : CVE-2026-45903
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Fix memory access flags in helper prototypes After commit 37cce22dbd51 bpf: verifier: Refactor helper access type tracking, the verifier started relying on...
SUSE CVE-2026-45903
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory access flags in helper prototypes After commit 37cce22dbd51 "bpf: verifier: Refactor helper access type tracking", the verifier started relying on the access type flags in helper function prototypes to perform...
CVE-2026-45903
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF verifier. This vulnerability occurs because several BPF helper functions lack proper memory access flags, such as MEMRDONLY or MEMWRITE. Consequently, the verifier may incorrectly assume that buffer contents remain unchanged across...
CVE-2026-45933
A flaw was found in the Linux kernel's BPF Berkeley Packet Filter verifier. The synclinkedregs function fails to preserve the register ID during bounds propagation, which can lead to incorrect register state. This issue may allow a local attacker to trigger a 'division by zero' error, resulting i...
CVE-2026-45903
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory access flags in helper prototypes After commit 37cce22dbd51 "bpf: verifier: Refactor helper access type tracking", the verifier started relying on the access type flags in helper function prototypes to perform...
CVE-2026-45903 bpf: Fix memory access flags in helper prototypes
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory access flags in helper prototypes After commit 37cce22dbd51 "bpf: verifier: Refactor helper access type tracking", the verifier started relying on the access type flags in helper function prototypes to perform...
CVE-2026-45839
In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpfcoreparsespec CO-RE accessor strings are colon-separated indices that describe a path from a root BTF type to a target field, e.g. "0:1:2" walks through nested struct members...
kernel: bpf: Do not include stack ptr register in precision backtracking bookkeeping
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue 1 where the following warning appears in kernel dmesg: 60.643604 verifier backtracking bug 60.643635 WARNING: CPU: 10 PID: 2315...
Astra Linux – Vulnerability in Linux
The kernel/bpf/verifier.c file in the Linux kernel, as of version 5.12.1, performs undesirable speculative loads. This leads to the disclosure of stack contents through side-channel attacks, known as CID-801c6058d14a. The main issue is that the BPF stack area is not properly protected against...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf, verifier: Fixed a memory leak in array reallocation for stack state. If an error NULL is returned by krealloc, callers of reallocarray would set their allocation pointers to NULL. However, when an error occurs in krealloc, i...