259 matches found
PT-2025-18557 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A problem of alignment in the bpf prog test run skb function has been resolved. The issue occurred when the size of the user bpf program was an odd number, causing unaligned access to...
DEBIAN-CVE-2024-58099
In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corruption in vmxnet3xdpxmitframe Andrew and Nikolay reported connectivity issues with Cilium's service load-balancing in case of vmxnet3. If a BPF program for native XDP adds an encapsulation header such as...
CVE-2024-58099
In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corruption in vmxnet3xdpxmitframe Andrew and Nikolay reported connectivity issues with Cilium's service load-balancing in case of vmxnet3. If a BPF program for native XDP adds an encapsulation header such as...
CVE-2024-58099
The CVE-2024-58099 issue affects Linux kernel vmxnet3 when a native XDP program adds an encapsulation header (e.g., IPIP) and uses the same interface for transmission. The root cause is a fixed DMA offset in vmxnet3_xdp_xmit_frame(): tbi->dma_addr = page_pool_get_dma_addr(page) + VMXNET3_XDP_H...
CVE-2024-58099 vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame
In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corruption in vmxnet3xdpxmitframe Andrew and Nikolay reported connectivity issues with Cilium's service load-balancing in case of vmxnet3. If a BPF program for native XDP adds an encapsulation header such as...
The vulnerability of the bpf_program() function in the Linux kernel’s drivers/net/ppp/ppp_generic.c file allows a hacker to cause a service failure.
The vulnerability of the bpfprogram function in the Linux kernel’s drivers/net/ppp/pppgeneric.c file is related to the use of an uninitialized pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2025-22087
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix array bounds error with maygoto maygoto uses an additional 8 bytes on the stack, which causes the interpreters array to go out of bounds when calculating index by stacksize. 1. If a BPF program is rewritten, re-evaluate...
UBUNTU-CVE-2025-22087
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix array bounds error with maygoto maygoto uses an additional 8 bytes on the stack, which causes the interpreters array to go out of bounds when calculating index by stacksize. 1. If a BPF program is rewritten, re-evaluate...
CVE-2025-22087 bpf: Fix array bounds error with may_goto
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix array bounds error with maygoto maygoto uses an additional 8 bytes on the stack, which causes the interpreters array to go out of bounds when calculating index by stacksize. 1. If a BPF program is rewritten, re-evaluate...
AZL-59934 CVE-2025-21922 affecting package kernel for versions less than 6.6.85.1-2
In the Linux kernel, the following vulnerability has been resolved: ppp: Fix KMSAN uninit-value warning with bpf Syzbot caught an "KMSAN: uninit-value" warning 1, which is caused by the ppp driver not initializing a 2-byte header when using socket filter. The following code can generate a PPP...
CVE-2025-21922
In the Linux kernel, the following vulnerability has been resolved: ppp: Fix KMSAN uninit-value warning with bpf Syzbot caught an "KMSAN: uninit-value" warning 1, which is caused by the ppp driver not initializing a 2-byte header when using socket filter. The following code can generate a PPP...
CVE-2025-21922 ppp: Fix KMSAN uninit-value warning with bpf
In the Linux kernel, the following vulnerability has been resolved: ppp: Fix KMSAN uninit-value warning with bpf Syzbot caught an "KMSAN: uninit-value" warning 1, which is caused by the ppp driver not initializing a 2-byte header when using socket filter. The following code can generate a PPP...
CVE-2025-21922
CVE-2025-21922 concerns a Linux kernel PPP driver issue where a 2-byte header used by socket filter/BPF is not fully initialized, triggering a KMSAN “uninit-value” warning. The root cause, as described, is that only the first byte of the direction indicator is initialized while the second byte re...
CVE-2025-21922 ppp: Fix KMSAN uninit-value warning with bpf
In the Linux kernel, the following vulnerability has been resolved: ppp: Fix KMSAN uninit-value warning with bpf Syzbot caught an "KMSAN: uninit-value" warning 1, which is caused by the ppp driver not initializing a 2-byte header when using socket filter. The following code can generate a PPP...
bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog
...
bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors
...
SUSE CVE-2024-58088
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock when freeing cgroup storage The following commit bc235cdb423a "bpf: Prevent deadlock from recursive bpftaskstorageget|delete" first introduced deadlock prevention for fentry/fexit programs attaching on...
CVE-2025-21852
In the Linux kernel, the following vulnerability has been resolved: net: Add rxskb of kfreeskb to rawtpnullargs. Yan Zhai reported a BPF prog could trigger a null-ptr-deref 0 in tracekfreeskb if the prog does not check if rxsk is NULL. Commit c53795d48ee8 "net: add rxsk to tracekfreeskb" added rx...
CVE-2025-21852 net: Add rx_skb of kfree_skb to raw_tp_null_args[].
In the Linux kernel, the following vulnerability has been resolved: net: Add rxskb of kfreeskb to rawtpnullargs. Yan Zhai reported a BPF prog could trigger a null-ptr-deref 0 in tracekfreeskb if the prog does not check if rxsk is NULL. Commit c53795d48ee8 "net: add rxsk to tracekfreeskb" added rx...
CVE-2025-21852
Concisely: CVE-2025-21852 affects the Linux kernel net/BPF path where trace_kfree_skb could dereference a NULL rx_sk when a BPF program loads a skb trace. The fix was to add kfree_skb to raw_tp_null_args[] to allow the BPF verifier to handle NULL rx_sk safely (PTR_MAYBE_NULL handling cited in the...