956 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53110
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - s390/bpf: Zero-extend bpf prog return values and kfunc arguments s390x ABI requires callers to zero-extend unsigned arguments and sign-extend signed arguments,...
CVE-2026-53092
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF subsystem. This vulnerability occurs due to incorrect delta tracking when source and destination registers are the same during register value adjustments. This can lead to a mismatch between the BPF verifier's analysis and the actu...
CVE-2026-53035
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF sockmap component. A deadlock can occur in the bpfiterunixseqshow function when an iterator program attempts to update a sockmap while a lock is already held. This recursive locking scenario can lead to a system freeze or...
CVE-2026-53036
A flaw was found in the Linux kernel. Specifically, an off-by-one error exists in the BPF Berkeley Packet Filter JIT Just-In-Time compiler when handling immediate values for branch instructions on ARM64 architectures. This vulnerability allows the system to process values outside their intended...
CVE-2026-53111
A flaw was found in the Linux kernel. The bpflwtxmitpushencap helper in the Berkeley Packet Filter BPF subsystem attempts to access an uninitialized network device structure during certain test runs. A local user can exploit this null pointer dereference by executing the bpflwtpushipencap functio...
CVE-2026-53110
A flaw was found in the Linux kernel's BPF Berkeley Packet Filter JIT Just-In-Time compiler for the s390x architecture. The system's Application Binary Interface ABI requires that unsigned arguments and return values be zero-extended. However, the BPF JIT compiler incorrectly performed only sign...
CVE-2026-53089
A flaw was found in the Linux kernel's BPF Berkeley Packet Filter subsystem. When querying information for an offloaded BPF map or program, a race condition can occur during network namespace destruction. This can lead to a use-after-free vulnerability, potentially causing a system crash or denia...
CVE-2026-53081
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF verifier. This vulnerability occurs due to inconsistent base ID mapping when the regsafe function compares scalar registers with BPFADDCONST values. This inconsistency allows the BPF verifier to incorrectly succeed in state pruning...
CVE-2026-53032
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF subsystem. This vulnerability occurs in the mapkptrmatchtype function when a scalar register is stored into a kernel pointer kptr slot. Due to an incorrect order of checks, the system attempts to access a null pointer, specifically...
CVE-2026-53085
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF subsystem. This use-after-free vulnerability occurs when the taskvma iterator reads task memory without properly acquiring a reference, allowing the memory structure to be freed concurrently while still in use. This can lead to...
CVE-2026-53184
A flaw was found in the Linux kernel. When a User Datagram Protocol UDP socket is configured with a sockmap, and a BPF Berkeley Packet Filter program attached to it calls a socket-lookup helper, the skb-dev field is not properly cleared. This improper handling of the skb-dev field can lead to a...
CVE-2026-53034
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF and sockmap components, specifically within the afunix socket operations. A race condition occurs during the connection process where a socket's state is updated before its peer is fully assigned. This timing issue can lead to a...
CVE-2026-53033
A flaw was found in the Linux kernel's sockmap functionality. A race condition exists in the unixstreambpfupdateproto function when a BPF Berkeley Packet Filter iterator program updates a sockmap. This can lead to a use-after-free UaF vulnerability, where memory is accessed after it has been free...
CVE-2026-53074
A flaw was found in the Linux kernel's BPF Berkeley Packet Filter subsystem. Specifically, the bpfprogtestrunskb function, responsible for testing BPF programs with network packets, did not properly validate the length of IPv4 and IPv6 inputs. This could allow the kernel to attempt to access...
CVE-2026-53076
A flaw was found in the Linux kernel. This vulnerability, located in the BPF Berkeley Packet Filter subsystem, involves an out-of-bounds read when data is copied between specific types of BPF maps. The system incorrectly handles data sizes that are not aligned to a specific memory boundary, causi...
CVE-2026-53094
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF component. When a dev-bound-only BPF program undergoes Just-In-Time JIT compilation with constant blinding enabled, a stale pointer to a freed program can occur. This issue arises when the network namespace is destroyed, leading to...
CVE-2026-53095
A flaw was found in the Linux kernel. This vulnerability allows for the abuse of the kprobewritectx mechanism through freplace in Berkeley Packet Filter BPF kprobe programs. A local attacker could exploit this by attaching a freplace program to a kprobe program that is attached to a kernel...
EUVD-2026-38900
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix NULL deref in mapkptrmatchtype for scalar regs Commit ab6c637ad027 "bpf: Fix a bpfkptrxchg issue with local kptr" refactored mapkptrmatchtype to branch on btfiskernel before checking basetype. A scalar register stored in...
EUVD-2026-38901
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Take state lock for afunix iter When a BPF iterator program updates a sockmap, there is a race condition in unixstreambpfupdateproto where the peer pointer can become stale1 during a state transition TCPESTABLISHED ...
CVE-2026-53081
In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce regsafe base id consistency for BPFADDCONST scalars When regsafe compares two scalar registers that both carry BPFADDCONST, checkscalarids maps their full compound id aka base | BPFADDCONST flag as one idmap entry...