CVE-2022-50450

Summary: CVE-2022-50450 concerns a heap‑based buffer overflow in the ELF handling of libbpf used by BPF loading in the Linux kernel context. The root cause, as described by connected sources, is the direct use of the ELF header field e_shnum to count section headers, which can overflow a heap whe...

CVE-2023-53221

The CVE-2023-53221 case concerns a vulnerability in the Linux kernel where a memleak can occur if fentry attachment fails for a BPF trampoline image. The description states that, when the fentry attach fails, the allocated trampoline image remains in memory and can be observed in /proc/kallsyms a...

SUSE CVE-2025-37939

In the Linux kernel, the following vulnerability has been resolved: libbpf: Fix accessing BTF.ext corerelo header Update btfextparseinfo to ensure the corerelo header is present before reading its fields. This avoids a potential buffer read overflow reported by the OSS Fuzz project...

DEBIAN-CVE-2021-47417

In the Linux kernel, the following vulnerability has been resolved: libbpf: Fix memory leak in strset Free struct strset itself, not just its internal parts...

CLSA-2023-1693827560 Fix of 9 CVEs

Jammy update: v5.15.86 upstream stable release LP: 2005113 // CVE-url: https://ubuntu.com/security/CVE-2022-3606 - libbpf: Fix null-pointer dereference in findprogbysecinsn Jammy update: v5.15.87 upstream stable release LP: 2007441 // CVE-url: https://ubuntu.com/security/CVE-2023-23454 - net:...