WebAssembly Micro Runtime frame_offset_bottom array bounds overflow in fast Interpreter mode when handling GET_GLOBAL(I32) followed by if opcode

...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the preservelocalforblock function, when handling a sequence where a GETGLOBALI32 opcode is followed by an if opcode in fast interpreter mode. An attacker can cause out-of-bounds access to the frameoffsetbottom arr...

CVE-2025-64713 WebAssembly Micro Runtime frame_offset_bottom array bounds overflow in fast Interpreter mode when handling GET_GLOBAL(I32) followed by if opcode

WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. Prior to version 2.4.4, an out-of-bounds array access issue exists in WAMR's fast interpreter mode during WASM bytecode loading. When framerefbottom and frameoffsetbottom arrays are at capacity and a GETGLOBALI32...

WebAssembly Micro Runtime 缓冲区错误漏洞

WebAssembly Micro Runtime WAMR is a lightweight, standalone WebAssembly runtime open-sourced by the Bytecode Alliance. With a small footprint, high performance, and highly configurable features for applications ranging from embedded, IoT, and edge to Trusted Execution Environments TEEs, smart...

SUSE CVE-2024-42063

In the Linux kernel, the following vulnerability has been resolved: bpf: Mark bpf prog stack with kmsanunposionmemory in interpreter mode syzbot reported uninit memory usages during maplookup,deleteelem. ========== BUG: KMSAN: uninit-value in devmaplookupelem kernel/bpf/devmap.c:441 inline BUG:...

CVE-2024-42063

In the Linux kernel, the following vulnerability has been resolved: bpf: Mark bpf prog stack with kmsanunposionmemory in interpreter mode syzbot reported uninit memory usages during maplookup,deleteelem. ========== BUG: KMSAN: uninit-value in devmaplookupelem kernel/bpf/devmap.c:441 inline BUG:...

DEBIAN-CVE-2024-42063

In the Linux kernel, the following vulnerability has been resolved: bpf: Mark bpf prog stack with kmsanunposionmemory in interpreter mode syzbot reported uninit memory usages during maplookup,deleteelem. ========== BUG: KMSAN: uninit-value in devmaplookupelem kernel/bpf/devmap.c:441 inline BUG:...

CVE-2024-42063

In the Linux kernel, the following vulnerability has been resolved: bpf: Mark bpf prog stack with kmsanunposionmemory in interpreter mode syzbot reported uninit memory usages during maplookup,deleteelem. ========== BUG: KMSAN: uninit-value in devmaplookupelem kernel/bpf/devmap.c:441 inline BUG:...

UBUNTU-CVE-2024-42063

In the Linux kernel, the following vulnerability has been resolved: bpf: Mark bpf prog stack with kmsanunposionmemory in interpreter mode syzbot reported uninit memory usages during maplookup,deleteelem. ========== BUG: KMSAN: uninit-value in devmaplookupelem kernel/bpf/devmap.c:441 inline BUG:...

CVE-2024-42063 bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode

In the Linux kernel, the following vulnerability has been resolved: bpf: Mark bpf prog stack with kmsanunposionmemory in interpreter mode syzbot reported uninit memory usages during maplookup,deleteelem. ========== BUG: KMSAN: uninit-value in devmaplookupelem kernel/bpf/devmap.c:441 inline BUG:...

CVE-2024-42063 bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode

In the Linux kernel, the following vulnerability has been resolved: bpf: Mark bpf prog stack with kmsanunposionmemory in interpreter mode syzbot reported uninit memory usages during maplookup,deleteelem. ========== BUG: KMSAN: uninit-value in devmaplookupelem kernel/bpf/devmap.c:441 inline BUG:...

CVE-2024-42063

CVE-2024-42063: In the Linux kernel, a KMSAN-flagged uninitialized memory issue was identified in BPF devmap when calling map_lookup_elem/map_delete_elem in interpreter mode. Reproducer shows uninitialized value paths through __dev_map_lookup_elem and bpf_map_lookup_elem during BPF program execut...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the use of uninitialized memory by the bpf program stack in interpreter mode...

SUSE CVE-2023-52621

In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcureadlocktraceheld before calling bpf map helpers These three bpfmaplookup,update,deleteelem helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program,...

AZL-58761 CVE-2023-52621 affecting package kernel for versions less than 5.15.182.1-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcureadlocktraceheld before calling bpf map helpers These three bpfmaplookup,update,deleteelem helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program,...

DEBIAN-CVE-2023-52621

In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcureadlocktraceheld before calling bpf map helpers These three bpfmaplookup,update,deleteelem helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program,...

CVE-2023-52621

CVE-2023-52621: In the Linux kernel, a fix was added to bpf map helpers (bpf_map_lookup_elem, bpf_map_update_elem, bpf_map_delete_elem) to check rcu_read_lock_trace_held() before use when running sleepable BPF programs. The vulnerability arises when sleepable BPF programs manipulate BPF maps unde...

CVE-2023-52621

In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcureadlocktraceheld before calling bpf map helpers These three bpfmaplookup,update,deleteelem helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program,...