13 matches found
SUSE CVE-2023-54033
In the Linux kernel, the following vulnerability has been resolved: bpf: fix a memory leak in the LRU and LRUPERCPU hash maps The LRU and LRUPERCPU maps allocate a new element on update before locking the target hash table bucket. Right after that the maps try to lock the bucket. If this fails,...
SUSE CVE-2025-68744
In the Linux kernel, the following vulnerability has been resolved: bpf: Free special fields when update lru,percpuhash maps As lru,percpuhash maps support BPFKPTRREF,PERCPU, missing calls to 'bpfobjfreefields' in 'pcpucopyvalue' could cause the memory referenced by BPFKPTRREF,PERCPU fields to be...
PT-2025-40724
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel where an error from htab lock bucket is not properly propagated to userspace. Specifically, in the htab map lookup and delete batch function, if htab...
CLSA-2025-1758034087 kernel: Fix of 24 CVEs
tls: always refresh the queue when reading sock CVE-2025-38471 - Bluetooth: hcicore: Fix use-after-free in vhciflush CVE-2025-38250 - i2c/designware: Fix an initialization issue CVE-2025-38380 - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds CVE-2025-38159 - mm/hugetlb:...
SUSE CVE-2024-56592
In the Linux kernel, the following vulnerability has been resolved: bpf: Call freehtabelem after htabunlockbucket For htab of maps, when the map is removed from the htab, it may hold the last reference of the map. bpfmapfdputptr will invoke bpfmapfreeid to free the id of the removed map element...
AZL-68315 CVE-2024-56592 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: bpf: Call freehtabelem after htabunlockbucket For htab of maps, when the map is removed from the htab, it may hold the last reference of the map. bpfmapfdputptr will invoke bpfmapfreeid to free the id of the removed map element...
CVE-2024-56592 bpf: Call free_htab_elem() after htab_unlock_bucket()
In the Linux kernel, the following vulnerability has been resolved: bpf: Call freehtabelem after htabunlockbucket For htab of maps, when the map is removed from the htab, it may hold the last reference of the map. bpfmapfdputptr will invoke bpfmapfreeid to free the id of the removed map element...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab, the map may still be accessed by non-sleepable program or sleepable program. However bpfmapfdputptr...
SUSE CVE-2024-49861
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix helper writes to read-only maps Lonial found an issue that despite user- and BPF-side frozen BPF map like in case of .rodata, it was still possible to write into it from a BPF program side through specific helpers having...
AZL-58761 CVE-2023-52621 affecting package kernel for versions less than 5.15.182.1-1
In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcureadlocktraceheld before calling bpf map helpers These three bpfmaplookup,update,deleteelem helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program,...
Linux Kernel (Ubuntu 16.04) - Reference Count Overflow Using BPF Maps
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=809 Most things in the kernel use 32-bit reference counters, relying on the fact that the memory constraints of real computers make it impossible to create enough references to overflow the counters. There are exceptions for things...
Linux Kernel (Ubuntu 16.04) - Reference Count Overflow Using BPF Maps
Linux Kernel Ubuntu 16.04 - Reference Count Overflow Using BPF Maps Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=809 Most things in the kernel use 32-bit reference counters, relying on the fact that the memory constraints of real computers make it impossible to create enough...
Linux Kernel (Ubuntu 16.04) - Reference Count Overflow Using BPF Maps
Exploit for linux platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=809 Most things in the kernel use 32-bit reference counters, relying on the fact that the memory constraints of real computers make it impossible to create enough references to...