4522 matches found
CVE-2026-53083
The CVE-2026-53083 entry concerns the Linux kernel bpf subsystem. A missing cond_resched() in bpf_fd_array_map_clear() can cause RCU stalls when PROG_ARRAY maps have many entries, because prog_array_map_poke_run() is invoked per entry without yielding under load. The issue is triggered in the loo...
CVE-2026-53083 bpf: Fix RCU stall in bpf_fd_array_map_clear()
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix RCU stall in bpffdarraymapclear Add a missing condresched in bpffdarraymapclear loop. For PROGARRAY maps with many entries this loop calls progarraymappokerun per entry which can be expensive, and without yielding this c...
CVE-2026-53081
The CVE-2026-53081 issue affects the Linux kernel BPF verifier: when two scalar registers carry BPF_ADD_CONST, id mapping could become inconsistent because the compound id (base | ADD_CONST) was mapped without validating the underlying base IDs. This could allow two verifier states where one deri...
CVE-2026-53081 bpf: Enforce regsafe base id consistency for BPF_ADD_CONST scalars
In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce regsafe base id consistency for BPFADDCONST scalars When regsafe compares two scalar registers that both carry BPFADDCONST, checkscalarids maps their full compound id aka base | BPFADDCONST flag as one idmap entry...
CVE-2026-53081 bpf: Enforce regsafe base id consistency for BPF_ADD_CONST scalars
In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce regsafe base id consistency for BPFADDCONST scalars When regsafe compares two scalar registers that both carry BPFADDCONST, checkscalarids maps their full compound id aka base | BPFADDCONST flag as one idmap entry...
CVE-2026-53078 bpf: Fix same-register dst/src OOB read and pointer leak in sock_ops
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix same-register dst/src OOB read and pointer leak in sockops When a BPF sockops program accesses ctx fields with dstreg == srcreg, the SOCKOPSGETSK and SOCKOPSGETFIELD macros fail to zero the destination register in the...
CVE-2026-53076 bpf: Fix OOB in pcpu_init_value
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix OOB in pcpuinitvalue An out-of-bounds read occurs when copying element from a BPFMAPTYPECGROUPSTORAGE map to another pcpu map with the same valuesize that is not rounded up to 8 bytes. The issue happens when: 1. A...
EUVD-2026-38942
In the Linux kernel, the following vulnerability has been resolved: bpf: reject short IPv4/IPv6 inputs in bpfprogtestrunskb bpfprogtestrunskb calls ethtypetrans first and then uses skb-protocol to initialize sk family and address fields for the test run. For IPv4 and IPv6 packets, it may access...
CVE-2026-53074
Summary of CVE-2026-53074 (Linux kernel) : The issue occurs in the bpf_prog_test_run_skb() path where the code may access ip_hdr(skb) or ipv6_hdr(skb) for IPv4/IPv6 inputs even when only an Ethernet header is present. If the Ethernet frame carries an IPv4/IPv6 EtherType but the Layer 3 header is ...
CVE-2026-53074 bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb
In the Linux kernel, the following vulnerability has been resolved: bpf: reject short IPv4/IPv6 inputs in bpfprogtestrunskb bpfprogtestrunskb calls ethtypetrans first and then uses skb-protocol to initialize sk family and address fields for the test run. For IPv4 and IPv6 packets, it may access...
CVE-2026-53036 bpf, arm64: Fix off-by-one in check_imm signed range check
In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix off-by-one in checkimm signed range check checkimmbits, imm is used in the arm64 BPF JIT to verify that a branch displacement in arm64 instruction units fits into the signed N-bit immediate field of a B, B.cond or...
CVE-2026-53033
CVE-2026-53033 affects the Linux kernel’s BPF sockmap path, causing a race in unix_stream_bpf_update_proto() that can yield a Use-After-Free when a BPF iterator updates a sockmap during a TCP state transition. The issue is resolved by taking the state lock for AF_UNIX iterations to keep the unix ...
CVE-2026-53033 bpf, sockmap: Take state lock for af_unix iter
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Take state lock for afunix iter When a BPF iterator program updates a sockmap, there is a race condition in unixstreambpfupdateproto where the peer pointer can become stale1 during a state transition TCPESTABLISHED ...
CVE-2026-53033 bpf, sockmap: Take state lock for af_unix iter
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Take state lock for afunix iter When a BPF iterator program updates a sockmap, there is a race condition in unixstreambpfupdateproto where the peer pointer can become stale1 during a state transition TCPESTABLISHED ...
CVE-2026-53032
The CVE-2026-53032 issue affects the Linux kernel's BPF subsystem, specifically the map_kptr_match_type function. A scalar register stored into a kptr can trigger a NULL dereference when the code branches on btf_is_kernel(reg->btf) before verifying base_type(), since such registers have no BTF...
CVE-2026-52938
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF storage. A race condition can occur where a storage element is accessed after its associated map has been deallocated, leading to a null pointer dereference. This can cause a kernel crash, resulting in a Denial of Service DoS for t...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed the stackmap overflow check in bpfgetstackid Syzkaller reported a KASAN vulnerability related to out-of-bounds write operations in bpfgetstackid, when copying stack trace data. This issue occurs when the perf trace...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed a reference count leak in bpfprogtestrunxdp syzbot reports: unregisternetdevice: Waiting for sit0 to become available. Usage count = 2. A debug printk patch revealed that a reference count is obtained at...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed an invalid prog-stats access when updateeffectiveprogs fails. The issue occurs due to a fault-injected code sequence in updateeffectiveprogs. The problem can be described as follows: c cgroupbpfdetach...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: BPF: Do not allow BPF test infra to emit invalid GSO types to the stack. Yinhao et al. reported that their fuzzer tool was able to trigger the skbwarnbadoffload function from netifskbfeatures - gsofeaturescheck. When a BPF progra...