18 matches found
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: bpf: It is necessary to preserve the id of the register in the synclinked regs function. The synclinked regs function copies the id of knownreg to reg when propagating the bounds of knownreg to reg, using the offset of knownreg...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix insufficient bounds propagation from adjustscalarminmaxvals Kuee reported a corner case where the tnum becomes constant after the call to regboundoffset, but the bounds of the register are not correct. In particular, its...
CVE-2026-45933
A flaw was found in the Linux kernel's BPF Berkeley Packet Filter verifier. The synclinkedregs function fails to preserve the register ID during bounds propagation, which can lead to incorrect register state. This issue may allow a local attacker to trigger a 'division by zero' error, resulting i...
CVE-2026-45933
In the Linux kernel, the following vulnerability has been resolved: bpf: Preserve id of register in synclinkedregs synclinkedregs copies the id of knownreg to reg when propagating bounds of knownreg to reg using the off of knownreg, but when knownreg was linked to reg like: knownreg = reg ; both...
UBUNTU-CVE-2026-45933
In the Linux kernel, the following vulnerability has been resolved: bpf: Preserve id of register in synclinkedregs synclinkedregs copies the id of knownreg to reg when propagating bounds of knownreg to reg using the off of knownreg, but when knownreg was linked to reg like: knownreg = reg ; both...
CVE-2026-45933
CVE-2026-45933 affects the Linux kernel BPF verifier. The root cause is that sync_linked_regs() failed to preserve the register ID during bounds propagation, so when known_reg bounds were propagated to reg, reg retained an old/new id mismatch. This can cause incorrect bound propagation across lin...
CVE-2026-45933 bpf: Preserve id of register in sync_linked_regs()
In the Linux kernel, the following vulnerability has been resolved: bpf: Preserve id of register in synclinkedregs synclinkedregs copies the id of knownreg to reg when propagating bounds of knownreg to reg using the off of knownreg, but when knownreg was linked to reg like: knownreg = reg ; both...
PT-2026-43800
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF verifier where the sync linked regs function incorrectly copies the ID of a known register to another register when propagating bounds. Specifically, if a...
CVE-2026-43070
In the Linux kernel, the following vulnerability has been resolved: bpf: Reset register ID for BPFEND value tracking When a register undergoes a BPFEND byte swap operation, its scalar value is mutated in-place. If this register previously shared a scalar ID with another register e.g., after an r1...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989581)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989581 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Fix insufficient bounds propagation from adjustscalarminmaxvals Kuee reported a corner case...
EUVD-2022-54574
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix insufficient bounds propagation from adjustscalarminmaxvals Kuee reported a corner case where the tnum becomes constant after the call to regboundoffset, but the register's bounds are not, that is, its min bounds are sti...
SUSE CVE-2022-49658
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix insufficient bounds propagation from adjustscalarminmaxvals Kuee reported a corner case where the tnum becomes constant after the call to regboundoffset, but the register's bounds are not, that is, its min bounds are sti...
CVE-2022-49658 bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix insufficient bounds propagation from adjustscalarminmaxvals Kuee reported a corner case where the tnum becomes constant after the call to regboundoffset, but the register's bounds are not, that is, its min bounds are sti...
CVE-2022-49658 bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix insufficient bounds propagation from adjustscalarminmaxvals Kuee reported a corner case where the tnum becomes constant after the call to regboundoffset, but the register's bounds are not, that is, its min bounds are sti...
CVE-2022-49658
CVE-2022-49658 concerns the Linux kernel’s BPF bounds propagation. The issue stems from insufficient propagation of tnum min/max bounds into register bounds during operations like adjust_scalar_min_max_vals, allowing a register that becomes a constant-like value to leak pointers when it is later ...
SUSE CVE-2021-47608
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic fetch The change in commit 37086bfdc737 "bpf: Propagate stack bounds to registers in atomics w/ BPFFETCH" around checkmemaccess handling is buggy since this would allow for unprivileged...
GSD-2022-1004593 bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals
bpf: Fix insufficient bounds propagation from adjustscalarminmaxvals This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.130 by commit...
CLSA-2022-1644933991 Fix of CVE: CVE-2021-31440, CVE-2022-0435
tipc: improve size validations for received domain records Jon Maloy CVE-2022-0435 - bpf: Fix propagation of 32 bit unsigned bounds from 64 bit bounds Yauheni Kaliuta CVE-2021-31440 - bpf: Fix propagation of 32-bit signed bounds from 64-bit bounds Yauheni Kaliuta CVE-2021-31440...