957 matches found
CVE-2026-45838
bpf: fix end-of-list detection in cgroupstoragegetnextkey...
PT-2026-43818
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the BPF subsystem involving BTF objects. The problem stems from incorrect refcounting within the check pseudo btf id function, which can lead to the chec...
CVE-2026-45951
bpf: Fix a potential use-after-free of BTF object...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from not restricting the size of BPF program signatures. This vulnerability may cause the kernel to...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from bpfmapgetinfobyfd function in bpf. This function does not check the frozen state of maps during t...
PT-2026-43671
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the arena vm close function during a fork operation. The arena vm open function increments the vml-mmap count but fails to register the child Virtual...
Astra Linux – Vulnerability in Linux
In kernel/bpf/verifier.c in the Linux kernel before version 5.12.13, a branch prediction can be mispredicted e.g., due to type confusion, allowing a non-privileged BPF program to access arbitrary memory locations through a side-channel attack, known as CID-9183671af6db...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Fixed the jump offset calculation in tailcall. The additional call to bpfintjitcompile skips the JIT context initialization. This effectively skips the offset calculation, resulting in outoffset = -1. Therefore, t...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15, and Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Mitigation is only applied to cBPF programs loaded by unprivileged users. Support for eBPF programs loaded by unprivileged users is typically disabled. This means that only cBPF programs need to be mitigated for BHB...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: slab: fixed the context check for kmallocnolock in the PREEMPTRT kernel mode. In PREEMPTRT kernels, locallock acts as a sleeping lock. The current check in kmallocnolock only verifies that the context does not match NMI or hard I...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: prevented decltag from being referenced in funcproto Syzkaller was able to exploit the following issue: ------------ cut here --- WARNING: CPU: 0 PID: 3609 at kernel/bpf/btf.c:1946 btftypeidsize+0x2d5/0x9d0...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Fixed the WARN function in getbpfrawtp regs. syzkaller reported an issue: WARNING: CPU: 3 PID: 5971 at kernel/trace/bpftrace.c:1861 getbpfrawtp regs+0xa4/0x100 kernel/trace/bpftrace.c:1861 Modules linked in: CPU: 3 UID: 0...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject unhashed sockets in bpfskassign The semantics for bpfskassign are as follows: c sk = somelookupfunc bpfskassignskb, sk bpfskreleasesk That is, the sk is not consumed by bpfskassign. Therefore, the function must ensure...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf, s390: Fixed a potential memory leak related to jitdata. Make sure that jitdata is freed through kfree in the error path...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In the bpf and arm64 architectures, there is a vulnerability where forcing an 8-byte alignment for the JIT buffer can prevent atomic tearing. The struct bpfplt structure contains a u64 target field. Currently, the BPF JIT allocat...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix for constant blinding in PROBEMEM32 stores The immediate stores of BPFST|BPFMEM32 are not handled by bpfjitblindinsn. This allows user-controlled 32-bit immediate values to survive blinding and be included in JIT-compile...
Astra Linux – Vulnerability in Linux, Linux 5.10
preallocelemsandfreelist in kernel/bpf/stackmap.c in the Linux kernel before version 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow, resulting in an out-of-bounds write...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not report a verification bug for missing bpfsccvisit calls on speculative execution paths. Syzbot generated a program that triggers a verifierbug call in maybeexitscc. maybeexitscc assumes that, when called for a state...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Prevent “decltag” from being referenced in “funcproto” arguments. Syzkaller managed to encounter another issue with “decltag”: btffuncprotocheck kernel/bpf/btf.c:4506 inline btfcheckalltypes kernel/bpf/btf.c:4734 inline...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed the verifier’s assumptions regarding the socket-sk structure. The verifier assumes that the sk field in the struct socket structure is valid and not NULL when the socket pointer itself is trusted and not NULL. This...