1901 matches found
CVE-2026-45933
In the Linux kernel, the following vulnerability has been resolved: bpf: Preserve id of register in synclinkedregs synclinkedregs copies the id of knownreg to reg when propagating bounds of knownreg to reg using the off of knownreg, but when knownreg was linked to reg like: knownreg = reg ; both...
CVE-2026-45932 bpf: Fix tcx/netkit detach permissions when prog fd isn't given
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tcx/netkit detach permissions when prog fd isn't given This commit fixes a security issue where BPFPROGDETACH on tcx or netkit devices could be executed by any user when no program fd was provided, bypassing permission...
CVE-2026-45903
CVE-2026-45903 concerns the Linux kernel where the BPF verifier memory-access flag handling in helper prototypes was incorrect. After a verifier refactor, several helpers using ARG_PTR_TO_MEM lacked MEM_RDONLY or MEM_WRITE, causing the verifier to incorrectly assume buffers were unchanged across ...
CVE-2026-45903
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory access flags in helper prototypes After commit 37cce22dbd51 "bpf: verifier: Refactor helper access type tracking", the verifier started relying on the access type flags in helper function prototypes to perform...
CVE-2026-45886
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpfxdpstorebytes proto for read-only arg While making some maps in Cilium read-only from the BPF side, we noticed that the bpfxdpstorebytes proto is incorrect. In particular, the verifier was throwing the following error...
CVE-2026-45886 bpf: Fix bpf_xdp_store_bytes proto for read-only arg
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpfxdpstorebytes proto for read-only arg While making some maps in Cilium read-only from the BPF side, we noticed that the bpfxdpstorebytes proto is incorrect. In particular, the verifier was throwing the following error...
CVE-2026-45838
In the Linux kernel, the following vulnerability has been resolved: bpf: fix end-of-list detection in cgroupstoragegetnextkey listnextentry never returns NULL -- when the current element is the last entry it wraps to the list head via containerof. The subsequent NULL check is therefore dead code...
CVE-2026-45838
bpf: fix end-of-list detection in cgroupstoragegetnextkey...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from not restricting the size of BPF program signatures. This vulnerability may cause the kernel to...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from bpfmapgetinfobyfd function in bpf. This function does not check the frozen state of maps during t...
CVE-2026-45967
bpf: Return proper address for non-zero offsets in insn array...
PT-2026-43818
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the BPF subsystem involving BTF objects. The problem stems from incorrect refcounting within the check pseudo btf id function, which can lead to the chec...
CVE-2026-45951
bpf: Fix a potential use-after-free of BTF object...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the synclinked regs function in bpf. When this function copies the id of knownreg, it may cause a...
PT-2026-43800
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF verifier where the sync linked regs function incorrectly copies the ID of a known register to another register when propagating bounds. Specifically, if a...
PT-2026-43671
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the arena vm close function during a fork operation. The arena vm open function increments the vml-mmap count but fails to register the child Virtual...
[SECURITY] Fedora 44 Update: bind-9.18.49-1.fc44
BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...
Astra Linux – Vulnerability in Linux, Linux 5.10
preallocelemsandfreelist in kernel/bpf/stackmap.c in the Linux kernel before version 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow, resulting in an out-of-bounds write...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not report a verification bug for missing bpfsccvisit calls on speculative execution paths. Syzbot generated a program that triggers a verifierbug call in maybeexitscc. maybeexitscc assumes that, when called for a state...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Prevent “decltag” from being referenced in “funcproto” arguments. Syzkaller managed to encounter another issue with “decltag”: btffuncprotocheck kernel/bpf/btf.c:4506 inline btfcheckalltypes kernel/bpf/btf.c:4734 inline...