386 matches found
AZL-67208 CVE-2025-39748 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: bpf: Forget ranges when refining tnum after JSET Syzbot reported a kernel warning due to a range invariant violation on the following BPF program. 0: call bpf_get_netns_cookie 1: if r0 == 0 goto 2: if r0 & 0xffffffff goto The issue ...
CVE-2025-39748 bpf: Forget ranges when refining tnum after JSET
In the Linux kernel, the following vulnerability has been resolved: bpf: Forget ranges when refining tnum after JSET Syzbot reported a kernel warning due to a range invariant violation on the following BPF program. 0: call bpf_get_netns_cookie 1: if r0 == 0 goto 2: if r0 & 0xffffffff goto The issue ...
CVE-2025-39748
In the Linux kernel, the following vulnerability has been resolved: bpf: Forget ranges when refining tnum after JSET Syzbot reported a kernel warning due to a range invariant violation on the following BPF program. 0: call bpf_get_netns_cookie 1: if r0 == 0 goto 2: if r0 & 0xffffffff goto The issue ...
CVE-2025-39748
CVE-2025-39748 - Linux kernel BPF verifier issue (JSET) patched Root cause: A verifier range refinement bug after JSET could produce inconsistent register bounds on an unreachable path, due to not forgetting ranges after narrowing tnums post-JSET. Impact: Local access to kernel may be affected; C...
VulnCheck KEV: CVE-2023-2163
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape...
AZL-66440 CVE-2025-38591 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject narrower access to pointer ctx fields The following BPF program, simplified from a syzkaller repro, causes a kernel warning: r0 = *(u8 *)(r1 + 169); exit; With pointer field sk being at offset 168 in __sk_buff. This access is...
AZL-71033 CVE-2025-38591 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject narrower access to pointer ctx fields The following BPF program, simplified from a syzkaller repro, causes a kernel warning: r0 = *(u8 *)(r1 + 169); exit; With pointer field sk being at offset 168 in __sk_buff. This access is...
DEBIAN-CVE-2025-38591
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject narrower access to pointer ctx fields The following BPF program, simplified from a syzkaller repro, causes a kernel warning: r0 = *(u8 *)(r1 + 169); exit; With pointer field sk being at offset 168 in __sk_buff. This access is...
UBUNTU-CVE-2025-38591
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject narrower access to pointer ctx fields The following BPF program, simplified from a syzkaller repro, causes a kernel warning: r0 = *(u8 *)(r1 + 169); exit; With pointer field sk being at offset 168 in __sk_buff. This access is...
CVE-2025-38591
CVE-2025-38591 affects the Linux kernel and is resolved by a patch in the BPF verifier. The issue involved a narrowing context access check in BPF, where a program attempted to read a pointer field (offset 169) in __sk_buff (field sk at offset 168). The verifier incorrectly allowed this “narrower...
Linux Distros Unpatched Vulnerability : CVE-2017-17862
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also...
Linux Distros Unpatched Vulnerability : CVE-2022-49878
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf, verifier: Fix memory leak in array reallocation for stack state If an error (NULL) is...
Linux Distros Unpatched Vulnerability : CVE-2025-38060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: copy_verifier_state should copy 'loop_entry' field The bpf_verifier_state.loop_entry state should be copied by copy_verifier_state. Otherwise, .loop_entry values fr...
Linux Distros Unpatched Vulnerability : CVE-2025-21852
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: Add rx_skb of kfree_skb to raw_tp_null_args. Yan Zhai reported a BPF prog could trigger a...
PT-2025-37207
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw in the BPF (Berkeley Packet Filter) subsystem related to range refinement after a JSET instruction. A kernel warning can occur due to a range invariant...
SUSE CVE-2025-38279
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue [1] where the following warning appears in kernel dmesg: [ 60.643604] verifier backtracking bug [ 60.643635] WARNING: CPU: 10 PID: 2315...
DEBIAN-CVE-2025-38279
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue [1] where the following warning appears in kernel dmesg: [ 60.643604] verifier backtracking bug [ 60.643635] WARNING: CPU: 10 PID: 2315...
AZL-64995 CVE-2025-38279 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue [1] where the following warning appears in kernel dmesg: [ 60.643604] verifier backtracking bug [ 60.643635] WARNING: CPU: 10 PID: 2315...
CVE-2025-38060
In the Linux kernel, the following vulnerability has been resolved: bpf: copy_verifier_state should copy 'loop_entry' field The bpf_verifier_state.loop_entry state should be copied by copy_verifier_state. Otherwise, .loop_entry values from unrelated states would poison env->cur_state. Additionally, env->stac...
CVE-2022-49961
In the Linux kernel, the following vulnerability has been resolved: bpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO Precision markers need to be propagated whenever we have an ARG_CONST_* style argument, as the verifier cannot consider imprecise scalars to be equivalent for the purposes of...