PT-2026-38984

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF subsystem where the check mem access function matches PTR TO BUF via base type, which strips PTR MAYBE NULL. This allows direct dereference of pointers without...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability stems from the checkmemaccess function in the BPF module, which matches PTRTOBUF pointers using...

CVE-2026-43070

A flaw was found in the Linux kernel's BPF Berkeley Packet Filter verifier. The verifier fails to correctly reset a register's ID after a BPFEND byte swap operation. This oversight can lead to the verifier incorrectly propagating learned memory bounds to other registers, creating false confidence...

SUSE CVE-2026-43009

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix incorrect pruning due to atomic fetch precision tracking When backtrackinsn encounters a BPFSTX instruction with BPFATOMIC and BPFFETCH, the src register or r0 for BPFCMPXCHG also acts as a destination, thus receiving th...

Poly Clariti Manager – May 2026 Security Update

Multiple potential security vulnerabilities have been identified on Poly Clariti Manager, on-premises management platform. These vulnerabilities are related to Berkeley Internet Name Domain BIND, which is an open-source protocol. HP has released updates to mitigate the potential vulnerabilities. ...

CVE-2026-43070

In the Linux kernel, the following vulnerability has been resolved: bpf: Reset register ID for BPFEND value tracking When a register undergoes a BPFEND byte swap operation, its scalar value is mutated in-place. If this register previously shared a scalar ID with another register e.g., after an r1...

CVE-2026-43070

The CVE describes a Linux kernel BPF verifier flaw: after a BPF_END (byte swap), dst_reg->id is not reset to 0, which can cause the verifier to propagate learned bounds to a linked register, creating a risk of out-of-bounds memory accesses. The concrete impact is potential privilege/escalation...

CLSA-2026-1777946894 Fix CVE(s): CVE-2022-0391, CVE-2022-45061, CVE-2024-7592, CVE-2026-4519

SECURITY UPDATE: URL parsing accepts ASCII tab/CR/LF URL smuggling - debian/patches/CVE-2022-0391.patch: sanitise tab, CR, LF anywhere in URL/scheme inside urlsplit before cache lookup, plus regression test in Lib/urlparse.py, Lib/test/testurlparse.py. - CVE-2022-0391 SECURITY UPDATE: Quadratic...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In the bpf and arm64 architectures, there is a vulnerability where forced 8-byte alignment of the JIT buffer is required to prevent atomic tearing. The struct bpfplt structure contains a u64 target field. Currently, the BPF JIT...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: prevented decltag from being referenced in funcproto Syzkaller was able to exploit the following issue: ------------ cut here --- WARNING: CPU: 0 PID: 3609 at kernel/bpf/btf.c:1946 btftypeidsize+0x2d5/0x9d0...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bpf: Check skb-transportheader is set in bpfskbcheckmtu. The bpfskbcheckmtu helper needs to use skb-transportheader when the BPFMTUCHKSEGS flag is used: bpfskbcheckmtuskb, ifindex, &mtulen, 0, BPFMTUCHKSEGS. The transportheader i...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed the metadatadst leak in bpfredirectneigh for arguments bpfredirectneighv4,6 Cilium includes a BPF egress gateway feature that forces outgoing Kubernetes Pods’ traffic to pass through dedicated egress gateways. This...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: bpf: Prevent “decltag” from being referenced in “funcproto” arguments. Syzkaller managed to encounter another issue with “decltag”: btffuncprotocheck kernel/bpf/btf.c:4506 inline btfcheckalltypes kernel/bpf/btf.c:4734 inline...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: slab: fixed the context check for kmallocnolock in the PREEMPTRT kernel. On PREEMPTRT kernels, locallock becomes a “sleeping lock”. The current check in kmallocnolock only verifies that we are not in NMI or hard IRQ contexts, but...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: BPF: Freeing special fields when updating lru,percpuhash maps Since lru,percpuhash maps support BPFKPTRREF,PERCPU, missing calls to ‘bpfobjfreefields’ in ‘pcpucopyvalue’ could cause the memory referenced by BPFKPTRREF,PERCPU fiel...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed the exclusive map memory leak When exclproghash is 0 and exclproghashsize is non-zero, the map also needs to be freed. Otherwise, the map memory will not be reclaimed, similar to the memory leak issue reported by syzbo...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Fixed the jump offset calculation in tailcall. The additional call to bpfintjitcompile skips the JIT context initialization. This effectively skips the offset calculation, resulting in outoffset = -1. Therefore, t...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject unhashed sockets in bpfskassign The semantics for bpfskassign are as follows: c sk = somelookupfunc bpfskassignskb, sk bpfskreleasesk That is, the sk is not consumed by bpfskassign. Therefore, the function must ensure...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed out-of-bounds access in cgroup local storage Lonial reported that an out-of-bounds access in cgroup local storage can occur through tail calls. This occurs when two programs each utilize a cgroup local storage with...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Do not report a verification bug for missing bpfsccvisit calls on speculative execution paths. Syzbot generated a program that triggers a verifierbug call in maybeexitscc. maybeexitscc assumes that, when called for a state...