1901 matches found
CVE-2026-53081
In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce regsafe base id consistency for BPFADDCONST scalars When regsafe compares two scalar registers that both carry BPFADDCONST, checkscalarids maps their full compound id aka base | BPFADDCONST flag as one idmap entry...
CVE-2026-53036
In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix off-by-one in checkimm signed range check checkimmbits, imm is used in the arm64 BPF JIT to verify that a branch displacement in arm64 instruction units fits into the signed N-bit immediate field of a B, B.cond or...
EUVD-2026-38978
In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Zero-extend bpf prog return values and kfunc arguments s390x ABI requires callers to zero-extend unsigned arguments and sign-extend signed arguments, and callees to zero-extend unsigned return values and sign-extend...
CVE-2026-53090 bpf: Fix ld_{abs,ind} failure path analysis in subprogs
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix ldabs,ind failure path analysis in subprogs Usage of ldabs,ind instructions got extended into subprogs some time ago via commit 09b28d76eac4 "bpf: Add abnormal return checks.". These are only allowed in subprograms when...
EUVD-2026-38949
In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce regsafe base id consistency for BPFADDCONST scalars When regsafe compares two scalar registers that both carry BPFADDCONST, checkscalarids maps their full compound id aka base | BPFADDCONST flag as one idmap entry...
EUVD-2026-38946
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix same-register dst/src OOB read and pointer leak in sockops When a BPF sockops program accesses ctx fields with dstreg == srcreg, the SOCKOPSGETSK and SOCKOPSGETFIELD macros fail to zero the destination register in the...
CVE-2026-53036 bpf, arm64: Fix off-by-one in check_imm signed range check
In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix off-by-one in checkimm signed range check checkimmbits, imm is used in the arm64 BPF JIT to verify that a branch displacement in arm64 instruction units fits into the signed N-bit immediate field of a B, B.cond or...
Important: kernel6.18
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bpf: fix end-of-list detection in cgroupstoragegetnextkey CVE-2026-45838 In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpfcoreparsespec...
CVE-2026-52910 bpf: Free reuseport cBPF prog after RCU grace period.
In the Linux kernel, the following vulnerability has been resolved: bpf: Free reuseport cBPF prog after RCU grace period. Eulgyu Kim reported the splat below with a repro. 0 The repro sets up a UDP reuseport group with a cBPF prog and replaces it with a new one while another thread is sending a U...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enabling exception fixup for specific ADE subcodes This patch enables the LoongArch BPF JIT to handle recoverable memory access errors generated by BPFPROBEMEM instructions. When a BPF program performs memory access...
Astra Linux – Vulnerability in Linux
It was discovered that the eBPF implementation in the Linux kernel failed to properly track bound information for 32-bit registers when performing division and modulo operations. A local attacker could use this vulnerability to potentially execute arbitrary code...
Astra Linux – Vulnerability in Linux 5.15
A flaw was discovered in the unrestricted use of the BPFBTFLOAD function, which could lead to an out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTFs. This flaw allows a local user to crash the system or escalate their privileges...
Astra Linux – Vulnerability in libbpf
A vulnerability was discovered in the Linux kernel. It has been classified as problematic. This issue affects the findprogbysecinsn function in the tools/lib/bpf/libbpf.c file of the BPF component. The vulnerability results in a null pointer derefrence error. It is recommended that a patch be...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: bpf, sockmap: Fixed a race condition in sockmapfree. sockmapfree calls releasesocksk without owning a reference to the socket. This could lead to a use-after-free, as syzbot identified this issue 1. Jakub Sitnicki already...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: BPF: cpumap: Fixed a memory leak in cpumapupdateelem. Syzkaller reported a memory leak as follows: BUG: Memory leak Unreferenced object 0xff110001198ef748 size 192: Command: "syz-executor.3", PID 17672, Jiffies: 4298118891 Age...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Fixed a crash that occurred due to out-of-bounds access to reg2btfids. When the commit e6ac2450d6de “bpf: Support bpf programs that call kernel functions” added support for kfunc, it defined reg2btfids as a convenient way...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Memory leaks have been fixed in checkfunccall. kmemleak reports this issue: Unreferenced object 0xffff88817139d000 size 2048: comm "testprogs", pid 33246, jiffies 4307381979 age 45851.820s Hex dump first 32 bytes: 01 00 0...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf: Fixed the JIT code size calculation for the BPF trampoline. The archbpftrampolinesize function provides the JIT size of the BPF trampoline before the buffer for JIT compilation of it is allocated. The total number of...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed an issue in verifying allowptrleaks. After we changed the capabilities of our networking-bpf program from capsysadmin to capnetadmin+capbpf, our networking-bpf program failed to start. This was because it failed the bp...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Sleepable kprobemulti programs are rejected during attachment. kprobe.multi programs run in atomic/RCU contexts and cannot sleep. However, bpfkprobemultilinkattach did not validate whether the program being attached had the...