1901 matches found
SUSE CVE-2026-45971
In the Linux kernel, the following vulnerability has been resolved: bpf: Limit bpf program signature size Practical BPF signatures are significantly smaller than KMALLOCMAXCACHESIZE Allowing larger sizes opens the door for abuse by passing excessive size values and forcing the kernel into expensi...
CVE-2026-45927
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF subsystem. This vulnerability, a Time-of-check to time-of-use TOCTOU bug, allows a local attacker to modify the contents of a BPF map after its hash has been calculated but before it is frozen. Consequently, a trusted loader could ...
CVE-2026-45967
A flaw was found in the Linux kernel. Specifically, a bug in the mapdirectvalueaddr function, which is part of the Berkeley Packet Filter BPF instruction array map, leads to incorrect address calculations when dealing with non-zero offsets. This issue could result in the kernel accessing unintend...
CVE-2026-45971
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF component. A local attacker could exploit this vulnerability by providing an excessively large BPF program signature. This could force the kernel into expensive memory allocation paths, potentially leading to resource exhaustion an...
EUVD-2026-32251
In the Linux kernel, the following vulnerability has been resolved: bpf: Return proper address for non-zero offsets in insn array The mapdirectvalueaddr function of the instruction array map incorrectly adds offset to the resulting address. This is a bug, because later the resolvepseudoldimm64...
UBUNTU-CVE-2026-45951
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free of BTF object Refcounting in the checkpseudobtfid function is incorrect: the checkpseudobtfid function might get called with a zero refcounted btf. Fix this, and patch related code accordingly...
UBUNTU-CVE-2026-45933
In the Linux kernel, the following vulnerability has been resolved: bpf: Preserve id of register in synclinkedregs synclinkedregs copies the id of knownreg to reg when propagating bounds of knownreg to reg using the off of knownreg, but when knownreg was linked to reg like: knownreg = reg ; both...
UBUNTU-CVE-2026-45971
In the Linux kernel, the following vulnerability has been resolved: bpf: Limit bpf program signature size Practical BPF signatures are significantly smaller than KMALLOCMAXCACHESIZE Allowing larger sizes opens the door for abuse by passing excessive size values and forcing the kernel into expensi...
CVE-2026-45839
A flaw was found in the Linux kernel's BPF Berkeley Packet Filter CO-RE Compile Once - Run Everywhere accessor parsing. A local attacker with CAPBPF capabilities could craft a malicious BPF program that uses negative CO-RE accessor indices. This input validation vulnerability allows for an...
CVE-2026-45838
A flaw was found in the Linux kernel. Specifically, within the Berkeley Packet Filter BPF component, an error in the cgroupstoragegetnextkey function's end-of-list detection mechanism can cause the system to read from an invalid memory location. This incorrect handling may lead to internal map...
CVE-2026-45971
The CVE-2026-45971 issue affects the Linux kernel BPF component where allowing large BPF program signature sizes enabled costly allocations (kmalloc_large/vmalloc), risking resource exhaustion and DoS. The vulnerability is described as resolved in the Linux kernel via fixes under the patch set “b...
CVE-2026-45971
In the Linux kernel, the following vulnerability has been resolved: bpf: Limit bpf program signature size Practical BPF signatures are significantly smaller than KMALLOCMAXCACHESIZE Allowing larger sizes opens the door for abuse by passing excessive size values and forcing the kernel into expensi...
CVE-2026-45967
In the Linux kernel, the following vulnerability has been resolved: bpf: Return proper address for non-zero offsets in insn array The mapdirectvalueaddr function of the instruction array map incorrectly adds offset to the resulting address. This is a bug, because later the resolvepseudoldimm64...
CVE-2026-45951 bpf: Fix a potential use-after-free of BTF object
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free of BTF object Refcounting in the checkpseudobtfid function is incorrect: the checkpseudobtfid function might get called with a zero refcounted btf. Fix this, and patch related code accordingly...
CVE-2026-45933
In the Linux kernel, the following vulnerability has been resolved: bpf: Preserve id of register in synclinkedregs synclinkedregs copies the id of knownreg to reg when propagating bounds of knownreg to reg using the off of knownreg, but when knownreg was linked to reg like: knownreg = reg ; both...
CVE-2026-45932 bpf: Fix tcx/netkit detach permissions when prog fd isn't given
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tcx/netkit detach permissions when prog fd isn't given This commit fixes a security issue where BPFPROGDETACH on tcx or netkit devices could be executed by any user when no program fd was provided, bypassing permission...
CVE-2026-45903
CVE-2026-45903 concerns the Linux kernel where the BPF verifier memory-access flag handling in helper prototypes was incorrect. After a verifier refactor, several helpers using ARG_PTR_TO_MEM lacked MEM_RDONLY or MEM_WRITE, causing the verifier to incorrectly assume buffers were unchanged across ...
CVE-2026-45903
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory access flags in helper prototypes After commit 37cce22dbd51 "bpf: verifier: Refactor helper access type tracking", the verifier started relying on the access type flags in helper function prototypes to perform...
CVE-2026-45886 bpf: Fix bpf_xdp_store_bytes proto for read-only arg
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpfxdpstorebytes proto for read-only arg While making some maps in Cilium read-only from the BPF side, we noticed that the bpfxdpstorebytes proto is incorrect. In particular, the verifier was throwing the following error...
CVE-2026-45886
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpfxdpstorebytes proto for read-only arg While making some maps in Cilium read-only from the BPF side, we noticed that the bpfxdpstorebytes proto is incorrect. In particular, the verifier was throwing the following error...