EUVD-2022-35026

Malicious code in bioql PyPI...

CVE-2025-38640

In the Linux kernel, the following vulnerability has been resolved: bpf: Disable migration in nfhookrunbpf. syzbot reported that the netfilter bpf prog can be called without migration disabled in xmit path. Then the assertion in bpfprogrun fails, triggering the splat below. 0 Let's use...

CVE-2025-38285 bpf: Fix WARN() in get_bpf_raw_tp_regs

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix WARN in getbpfrawtpregs syzkaller reported an issue: WARNING: CPU: 3 PID: 5971 at kernel/trace/bpftrace.c:1861 getbpfrawtpregs+0xa4/0x100 kernel/trace/bpftrace.c:1861 Modules linked in: CPU: 3 UID: 0 PID: 5971 Comm:...

CVE-2025-38280

CVE-2025-38280 affects the Linux kernel’s BPF/JIT path. When a BPF program is compiled with JIT and CONFIG_BPF_JIT_ALWAYS_ON is not set while bpf_jit_enable is 1, the arch may attempt JIT the program, fail due to FAULT_INJECTION, and incorrectly treat the program as valid, causing a WARN_ON_ONCE ...

CVE-2025-38202

CVE-2025-38202 affects the Linux kernel: bpf_map_lookup_percpu_elem() used by BPF per-CPU hashmap lookups may trigger a warning when used in a sleepable BPF program if BPF JIT is disabled or on 32-bit hosts, due to a missing rcu_read_lock_trace_held() check. The patch adds the missing check to cl...

CVE-2022-49970

In the Linux kernel, the following vulnerability has been resolved: bpf, cgroup: Fix kernel BUG in purgeeffectiveprogs Syzkaller reported a triggered kernel BUG as follows: ------------ cut here ------------ kernel BUG at kernel/bpf/cgroup.c:925! invalid opcode: 0000 1 PREEMPT SMP NOPTI CPU: 1...

CVE-2022-49970 bpf, cgroup: Fix kernel BUG in purge_effective_progs

In the Linux kernel, the following vulnerability has been resolved: bpf, cgroup: Fix kernel BUG in purgeeffectiveprogs Syzkaller reported a triggered kernel BUG as follows: ------------ cut here ------------ kernel BUG at kernel/bpf/cgroup.c:925! invalid opcode: 0000 1 PREEMPT SMP NOPTI CPU: 1 PI...

CVE-2025-37884

CVE-2025-37884: In the Linux kernel, a deadlock between rcu_tasks_trace and event_mutex was fixed. The issue manifested in _free_event() calling perf_trace_event_unreg() under mutex_lock(&event_mutex) while perf_kprobe_destroy() could synchronize_rcu_tasks_trace(), and in bpf_prog_test_run_syscal...

CVE-2025-22087

Technical details about CVE-2025-22087 are not provided in the connected documents. The description outlines kernel stack/array bounds handling but no public advisories, affected products/versions, or mitigations are given here. Monitor for updates.

CVE-2025-22048 LoongArch: BPF: Don't override subprog's return value

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Don't override subprog's return value The verifier test calls: div by 0 in subprog triggers a panic at the ld.bu instruction. The ld.bu insn is trying to load byte from memory address returned by the subprog. The...

CVE-2025-21965 sched_ext: Validate prev_cpu in scx_bpf_select_cpu_dfl()

In the Linux kernel, the following vulnerability has been resolved: schedext: Validate prevcpu in scxbpfselectcpudfl If a BPF scheduler provides an invalid CPU outside the nrcpuids range as prevcpu to scxbpfselectcpudfl it can cause a kernel crash. To prevent this, validate prevcpu in...

Linux Distros Unpatched Vulnerability : CVE-2024-56786

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: put bpflink's program when link is safe to be deallocated In general, BPF link's...

CVE-2025-21728 bpf: Send signals asynchronously if !preemptible

In the Linux kernel, the following vulnerability has been resolved: bpf: Send signals asynchronously if !preemptible BPF programs can execute in all kinds of contexts and when a program running in a non-preemptible context uses the bpfsendsignal kfunc, it will cause issues because this kfunc can...

CVE-2025-21728

In the Linux kernel, the following vulnerability has been resolved: bpf: Send signals asynchronously if !preemptible BPF programs can execute in all kinds of contexts and when a program running in a non-preemptible context uses the bpfsendsignal kfunc, it will cause issues because this kfunc can...

CVE-2022-49548 bpf: Fix potential array overflow in bpf_trampoline_get_progs()

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix potential array overflow in bpftrampolinegetprogs The cnt value in the 'cnt = BPFMAXTRAMPPROGS' check does not include BPFTRAMPMODIFYRETURN bpf programs, so the number of the attached BPFTRAMPMODIFYRETURN bpf programs in...

CVE-2024-56592

In the Linux kernel, the following vulnerability has been resolved: bpf: Call freehtabelem after htabunlockbucket For htab of maps, when the map is removed from the htab, it may hold the last reference of the map. bpfmapfdputptr will invoke bpfmapfreeid to free the id of the removed map element...

CVE-2024-56615 bpf: fix OOB devmap writes when deleting elements

In the Linux kernel, the following vulnerability has been resolved: bpf: fix OOB devmap writes when deleting elements Jordy reported issue against XSKMAP which also applies to DEVMAP - the index used for accessing map entry, due to being a signed integer, causes the OOB writes. Fix is simple as...

CVE-2022-3646 Linux Kernel BPF segment.c nilfs_attach_log_writer memory leak

A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfsattachlogwriter of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply ...

UBUNTU-CVE-2022-3606

A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function findprogbysecinsn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The...

CVE-2022-2785

There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpfsysbpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAPBPF can arbitrarily read memory from anywhere on the system. We...