Lucene search
K

116 matches found

OSV
OSV
added 2024/06/19 2:15 p.m.1 views

DEBIAN-CVE-2024-38574

In the Linux kernel, the following vulnerability has been resolved: libbpf: Prevent null-pointer dereference when prog to load has no BTF In bpfobjecloadprog, there's no guarantee that obj-btf is non-NULL when passing it to btffd, and this function does not perform any check before dereferencing...

5.5CVSS5.4AI score0.00225EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/06/19 1:35 p.m.22 views

CVE-2024-38574

In the Linux kernel, the following vulnerability has been resolved: libbpf: Prevent null-pointer dereference when prog to load has no BTF In bpfobjecloadprog, there's no guarantee that obj-btf is non-NULL when passing it to btffd, and this function does not perform any check before dereferencing...

5.5CVSS5.7AI score0.00225EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/04/30 9:57 a.m.5 views

kernel: Linux kernel: BPF verifier log truncation via crafted user input

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF verifier log. A local user can exploit this by providing excessively long BPF Type Format BTF names or BTF.ext source code line strings. This can lead to the truncation of a single verifier log line, potentially obscuring important...

5.8AI score0.00166EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2024/04/13 2:19 a.m.4 views

SUSE CVE-2021-47190

In the Linux kernel, the following vulnerability has been resolved: perf bpf: Avoid memory leak from perfenvinsertbtf perfenvinsertbtf doesn't insert if a duplicate BTF id is encountered and this causes a memory leak. Modify the function to return a success/error value and then free the memory if...

5.5CVSS4.3AI score0.00232EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/04/10 6:56 p.m.15 views

CVE-2021-47190 perf bpf: Avoid memory leak from perf_env__insert_btf()

In the Linux kernel, the following vulnerability has been resolved: perf bpf: Avoid memory leak from perfenvinsertbtf perfenvinsertbtf doesn't insert if a duplicate BTF id is encountered and this causes a memory leak. Modify the function to return a success/error value and then free the memory if...

6.8AI score0.00232EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a memory leak vulnerability in perfenvinsertbtf...

5.5CVSS4.4AI score0.00232EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/03/14 12:0 a.m.9 views

PT-2024-28073 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a null-pointer dereference in the libbpf component of the Linux kernel. Specifically, in the bpf objec load prog function, there is no guarantee that obj-btf is...

9.8CVSS6.5AI score0.01483EPSS
Exploits3References686
SUSE CVE
SUSE CVE
added 2024/02/24 3:16 a.m.3 views

SUSE CVE-2024-26591

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix re-attachment branch in bpftracingprogattach The following case can cause a crash due to missing attachbtf: 1 load rawtp program 2 load fentry program with rawtp as targetfd 3 create tracing link for fentry program with...

5.5CVSS6.6AI score0.00231EPSS
Exploits0References9
OSV
OSV
added 2024/02/22 5:15 p.m.5 views

DEBIAN-CVE-2024-26591

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix re-attachment branch in bpftracingprogattach The following case can cause a crash due to missing attachbtf: 1 load rawtp program 2 load fentry program with rawtp as targetfd 3 create tracing link for fentry program with...

5.5CVSS5.7AI score0.00231EPSS
Exploits0References1
OSV
OSV
added 2024/02/22 5:15 p.m.2 views

DEBIAN-CVE-2023-52446

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a race condition between btfput and mapfree When running ./testprogs -j in my local vm with latest kernel, I once hit a kasan error like below: 1887.184724 BUG: KASAN: slab-use-after-free in bpfrbrootfree+0x1f8/0x2b0...

7.8CVSS5.5AI score0.00226EPSS
Exploits0References1
OSV
OSV
added 2024/02/22 5:15 p.m.2 views

UBUNTU-CVE-2023-52446

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a race condition between btfput and mapfree When running ./testprogs -j in my local vm with latest kernel, I once hit a kasan error like below: 1887.184724 BUG: KASAN: slab-use-after-free in bpfrbrootfree+0x1f8/0x2b0...

7.8CVSS6AI score0.00226EPSS
Exploits0References13
CNNVD
CNNVD
added 2024/02/22 12:0 a.m.3 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a race condition between btfput and mapfree...

7.8CVSS8AI score0.00226EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/12/14 12:0 a.m.5 views

PT-2023-8763 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.7.0-rc3-00699-g90679706d486-dirty 494 Description: The vulnerability is related to a race condition between btf put and map free in the Linux kernel. This issue can lead to a slab-use-after-free error,...

7.8CVSS6.6AI score0.78388EPSS
Exploits2References467
RedHat Linux
RedHat Linux
added 2023/11/07 9:3 a.m.2 views

kernel: bpf: prevent decl_tag from being referenced in func_proto

A flaw was found in the Linux kernel's BPF BTF BPF Type Format validation. The BTF parser allows a funcproto type to reference a decltag as its return type, which is invalid. When btftypeidsize encounters this unexpected type, it triggers a kernel warning. This can be exploited via the bpf syscal...

5.7AI score0.00155EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/09/18 12:0 a.m.1 views

PT-2023-36023 · Git +1 · Libbpf

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 4 crash has been reported. The crash involves the functions btf ensure modifiable, btf add var, and bpf object collect extern...

7AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.3 views

kernel: bpf: Fix UAF due to race between btf_try_get_module and load_module

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF due to race between btftrygetmodule and loadmodule While working on code to populate kfunc BTF ID sets for module BTF from its initcall, I noticed that by the time the initcall is invoked, the module BTF can already ...

7.8CVSS6.3AI score0.00258EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:42 a.m.3 views

SUSE CVE-2021-29648

An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolvedids and resolvedsizes are intentionally uninitialized in the vmlinux BPF Type Format BTF, which can cause a system crash upon an unexpected access attempt in mapcreate in...

5.5CVSS6.4AI score0.00284EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:31 a.m.1 views

SUSE CVE-2022-3534

A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btfdumpnamedups of the file tools/lib/bpf/btfdump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this...

7.3CVSS4.9AI score0.00535EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.3 views

PT-2023-33635 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.16 Description: A bug in BTF ID LIST has been identified when CONFIG DEBUG INFO BTF is not set. The actual impact and potential for attack have not been proven yet. Recommendations: For Linux Kernel version...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/01 12:0 a.m.7 views

PT-2025-54076

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue where a warning was triggered in the btf type id size function when processing certain BPF Berkeley Packet Filter types. Specifically, a warning occurr...

5.9AI score0.00166EPSS
Exploits0
Rows per page
Query Builder