105 matches found
CVE-2026-10722
A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a...
CVE-2026-10722
A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a...
EUVD-2026-32235
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free of BTF object Refcounting in the checkpseudobtfid function is incorrect: the checkpseudobtfid function might get called with a zero refcounted btf. Fix this, and patch related code accordingly...
CVE-2026-45951
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free of BTF object Refcounting in the checkpseudobtfid function is incorrect: the checkpseudobtfid function might get called with a zero refcounted btf. Fix this, and patch related code accordingly...
UBUNTU-CVE-2026-45951
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free of BTF object Refcounting in the checkpseudobtfid function is incorrect: the checkpseudobtfid function might get called with a zero refcounted btf. Fix this, and patch related code accordingly...
CVE-2026-45839
In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpfcoreparsespec CO-RE accessor strings are colon-separated indices that describe a path from a root BTF type to a target field, e.g. "0:1:2" walks through nested struct members...
UBUNTU-CVE-2026-45839
In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpfcoreparsespec CO-RE accessor strings are colon-separated indices that describe a path from a root BTF type to a target field, e.g. "0:1:2" walks through nested struct members...
CVE-2026-45839
CVE-2026-45839 affects the Linux kernel BPF Core Relocation (CO-RE) parsing. Negative CO-RE accessor indices parsed by bpf_core_parse_spec() were not rejected, allowing an out-of-bounds read when -1 reaches btf_member_bit_offset(). This can crash the kernel during BPF_PROG_LOAD on systems with CO...
PT-2026-43673
In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpf core parse spec CO-RE accessor strings are colon-separated indices that describe a path from a root BTF type to a target field, e.g. "0:1:2" walks through nested struct members...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from incorrect reference counting of BTF objects in the checkpseudobtfid function. This vulnerability...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: The registration of structops that uses the module ptr was rejected, and the module btfid is missing. There is a UAF report in bpfstructops when CONFIGMODULES=n. Specifically, the issue relates to tcpcongestionops, which has...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: tracing/probes: The error check in parsebtffield has been fixed. btffindstructmember may return NULL or an error via the ERRPTR macro. However, its caller in parsebtffield only checks for the NULL condition. This issue is fixed b...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a btf decltag bug when tagging a function syzbot reported a btf decltag bug with stack trace below: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 1 PREEMPT SMP KASAN KASAN:...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: BPF: Fixed the re-attachment branch in bpftracingprogattach. The following scenario can cause a crash due to a missing attachbtf: 1 Load the rawtp program. 2 Load the fentry program with rawtp as targetfd. 3 Create a tracing...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013423)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013423 advisory. A flaw was found in unrestricted eBPF usage by the BPFBTFLOAD, leading to a possible out-of-bounds memory write in the Linux kernels BPF subsystem due to the way a...
SUSE CVE-2023-54247
In the Linux kernel, the following vulnerability has been resolved: bpf: Silence a warning in btftypeidsize syzbot reported a warning in 1 with the following stacktrace: WARNING: CPU: 0 PID: 5005 at kernel/bpf/btf.c:1988 btftypeidsize+0x2d9/0x9d0 kernel/bpf/btf.c:1988 ... RIP:...
EUVD-2023-60394
In the Linux kernel, the following vulnerability has been resolved: bpf: Silence a warning in btftypeidsize syzbot reported a warning in 1 with the following stacktrace: WARNING: CPU: 0 PID: 5005 at kernel/bpf/btf.c:1988 btftypeidsize+0x2d9/0x9d0 kernel/bpf/btf.c:1988 ... RIP:...
CVE-2023-54247
In the Linux kernel, the following vulnerability has been resolved: bpf: Silence a warning in btftypeidsize syzbot reported a warning in 1 with the following stacktrace: WARNING: CPU: 0 PID: 5005 at kernel/bpf/btf.c:1988 btftypeidsize+0x2d9/0x9d0 kernel/bpf/btf.c:1988 ... RIP:...
CVE-2023-54247
In the Linux kernel, the following vulnerability has been resolved: bpf: Silence a warning in btftypeidsize syzbot reported a warning in 1 with the following stacktrace: WARNING: CPU: 0 PID: 5005 at kernel/bpf/btf.c:1988 btftypeidsize+0x2d9/0x9d0 kernel/bpf/btf.c:1988 ... RIP:...
CVE-2022-50862
In the Linux kernel, the following vulnerability has been resolved: bpf: prevent decltag from being referenced in funcproto Syzkaller was able to hit the following issue: ------------ cut here ------------ WARNING: CPU: 0 PID: 3609 at kernel/bpf/btf.c:1946 btftypeidsize+0x2d5/0x9d0...