1871 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In the bpf and arm64 architectures, there is a vulnerability where forcing an 8-byte alignment for the JIT buffer can prevent atomic tearing. The struct bpfplt structure contains a u64 target field. Currently, the BPF JIT allocat...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: prevented decltag from being referenced in funcproto Syzkaller was able to exploit the following issue: ------------ cut here --- WARNING: CPU: 0 PID: 3609 at kernel/bpf/btf.c:1946 btftypeidsize+0x2d5/0x9d0...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix for checking attempts to corrupt spilled pointers When a register is spilled onto a stack as a 1/2/4-byte register, we set slottypeBPFREGSIZE - 1 plus possibly a few more bytes depending on the actual spill size...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Check skb-transportheader is set in bpfskbcheckmtu. The bpfskbcheckmtu helper needs to use skb-transportheader when the BPFMTUCHKSEGS flag is used: bpfskbcheckmtuskb, ifindex, &mtulen, 0, BPFMTUCHKSEGS. The transportheader i...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Prevent “decltag” from being referenced in “funcproto” arguments. Syzkaller managed to encounter another issue with “decltag”: btffuncprotocheck kernel/bpf/btf.c:4506 inline btfcheckalltypes kernel/bpf/btf.c:4734 inline...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Fixed the memory leak in bpfskselectreuseport As pointed out in the original comment, a lookup in sockmap can return a TCP ESTABLISHED socket. Such a TCP socket may have had SOATTACHREUSEPORTEBPF set before it became...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Rejects redirects of skmsg messages to non-TCP sockets With a SOCKMAP/SOCKHASH map and a skmsg program, users can direct messages sent from one TCP socket s1 to actually exiting from another TCP socket s2...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Fixed the jump offset calculation in tailcall. The additional call to bpfintjitcompile skips the JIT context initialization. This effectively skips the offset calculation, resulting in outoffset = -1. Therefore, t...
Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Mitigation is only applied to cBPF programs loaded by unprivileged users. Support for eBPF programs loaded by unprivileged users is typically disabled. This means that only cBPF programs need to be mitigated for BHB...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not report a verification bug for missing bpfsccvisit calls on speculative execution paths. Syzbot generated a program that triggers a verifierbug call in maybeexitscc. maybeexitscc assumes that, when called for a state...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed incorrect reg type conversion in releasereference Some helper functions will allocate memory. To avoid memory leaks, the verifier requires the eBPF program to release this memory by calling the corresponding helper...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed the metadatadst leak in bpfredirectneigh for arguments bpfredirectneighv4,6 Cilium includes a BPF egress gateway feature that forces outgoing Kubernetes Pods’ traffic to pass through dedicated egress gateways. This...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed out-of-bounds access in cgroup local storage Lonial reported that an out-of-bounds access in cgroup local storage can occur through tail calls. This occurs when two programs each utilize a cgroup local storage with a...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: media: rc: The bpf attach/detach operation requires write permission. source-iocs-preserved const=CAPNETADMIN...
bind security update
An update is available for bind. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Berkeley Internet Name Domain BIND is an implementation of the Domain Name...
AlmaLinux 9 : bind (ALSA-2026:24367)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:24367 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...
SUSE CVE-2026-45679
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate...
SUSE CVE-2026-45681
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can...
CVE-2026-45680
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the...
EUVD-2026-34082
A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a...