8 matches found
CVE-2022-50450
Summary: CVE-2022-50450 concerns a heap‑based buffer overflow in the ELF handling of libbpf used by BPF loading in the Linux kernel context. The root cause, as described by connected sources, is the direct use of the ELF header field e_shnum to count section headers, which can overflow a heap whe...
CVE-2023-53221
The CVE-2023-53221 case concerns a vulnerability in the Linux kernel where a memleak can occur if fentry attachment fails for a BPF trampoline image. The description states that, when the fentry attach fails, the allocated trampoline image remains in memory and can be observed in /proc/kallsyms a...
SUSE CVE-2025-37939
In the Linux kernel, the following vulnerability has been resolved: libbpf: Fix accessing BTF.ext corerelo header Update btfextparseinfo to ensure the corerelo header is present before reading its fields. This avoids a potential buffer read overflow reported by the OSS Fuzz project...
The vulnerability of the libbpf component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the libbpf component in the Linux operating system’s kernel is related to integer overflow. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the libbpf component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the libbpf component in the Linux operating system’s kernel is related to errors in reading beyond the boundary in the bpfxdpquery function. Exploiting this vulnerability can allow an attacker to cause a service failure...
DEBIAN-CVE-2021-47417
In the Linux kernel, the following vulnerability has been resolved: libbpf: Fix memory leak in strset Free struct strset itself, not just its internal parts...
CLSA-2023-1693827560 Fix of 9 CVEs
Jammy update: v5.15.86 upstream stable release LP: 2005113 // CVE-url: https://ubuntu.com/security/CVE-2022-3606 - libbpf: Fix null-pointer dereference in findprogbysecinsn Jammy update: v5.15.87 upstream stable release LP: 2007441 // CVE-url: https://ubuntu.com/security/CVE-2023-23454 - net:...
The vulnerability of the `find_prog_by_sec_insn()` function (located in `tools/lib/bpf/libbpf.c`) in the Linux operating system kernel allows a attacker to cause a service failure.
The vulnerability of the findprogbysecinsn function located in tools/lib/bpf/libbpf.c in Linux kernel systems is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...