35 matches found
CVE-2023-53441
CVE-2023-53441: Linux kernel bpf cpumap memory leak fix. The vulnerability concerns cpu_map_update_elem leaking memory in the BPF map update path (cpu_map_entry_alloc path) as observed by Syzkaller. The fix is in the kernel, referenced by commits such as a957ac8e0b5ffb5797382a6adbafd005a5f72851 a...
CVE-2023-53441 bpf: cpumap: Fix memory leak in cpu_map_update_elem
In the Linux kernel, the following vulnerability has been resolved: bpf: cpumap: Fix memory leak in cpumapupdateelem Syzkaller reported a memory leak as follows: BUG: memory leak unreferenced object 0xff110001198ef748 size 192: comm "syz-executor.3", pid 17672, jiffies 4298118891 age 9.906s hex...
kernel: bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers
In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcureadlocktraceheld before calling bpf map helpers These three bpfmaplookup,update,deleteelem helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program,...
SUSE CVE-2022-48940
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to incorrect copymapvalue When both bpfspinlock and bpftimer are present in a BPF map value, copymapvalue needs to skirt both objects when copying a value into and out of the map. However, the current code does...
UBUNTU-CVE-2024-38662
In the Linux kernel, the following vulnerability has been resolved: bpf: Allow delete from sockmap/sockhash only if update is allowed We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a mapdelete on a...
kernel: bpf: cpumap: Fix memory leak in cpu_map_update_elem
In the Linux kernel, the following vulnerability has been resolved: bpf: cpumap: Fix memory leak in cpumapupdateelem Syzkaller reported a memory leak as follows: BUG: memory leak unreferenced object 0xff110001198ef748 size 192: comm "syz-executor.3", pid 17672, jiffies 4298118891 age 9.906s hex...
kernel: bpf: cpumap: Fix memory leak in cpu_map_update_elem
In the Linux kernel, the following vulnerability has been resolved: bpf: cpumap: Fix memory leak in cpumapupdateelem Syzkaller reported a memory leak as follows: BUG: memory leak unreferenced object 0xff110001198ef748 size 192: comm "syz-executor.3", pid 17672, jiffies 4298118891 age 9.906s hex...
DEBIAN-CVE-2023-52621
In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcureadlocktraceheld before calling bpf map helpers These three bpfmaplookup,update,deleteelem helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program,...
UBUNTU-CVE-2023-52621
In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcureadlocktraceheld before calling bpf map helpers These three bpfmaplookup,update,deleteelem helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program,...
The vulnerability of the verifier functions ebpf in the bpf_map_update_elem and bpf_map_freeze components of the Linux operating system’s kernel/bpf/syscall.c module allows a attacker to compromise data integrity.
The vulnerability of the verifier functions ebpf in the bpfmapupdateelem and bpfmapfreeze components of the Linux operating system’s kernel/bpf/syscall.c file is related to the absence of locking mechanisms. Exploiting this vulnerability allows an attacker to compromise data integrity...
DEBIAN-CVE-2021-4001
A race condition was found in the Linux kernel's ebpf verifier between bpfmapupdateelem and bpfmapfreeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special privilege capsysadmin or capbpf can modify the frozen mapped address space. This flaw affects kernel...
PT-2012-1503 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.38 Description: The issue is related to the Reliable Datagram Sockets RDS subsystem in the Linux kernel, which does not properly handle congestion map updates. This can be exploited by local users to cause a...
Solaris - ypupdated Command Execution (Metasploit)
$Id: ypupdatedexec.rb 9929 2010-07-25 21:37:54Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Solaris ypupdated Command Execution
require 'msf/core' class Metasploit3 'Solaris ypupdated Command Execution', 'Description' = %q This exploit targets a weakness in the way the ypupdated RPC application uses the command shell when handling a MAP UPDATE request. Extra commands may be launched through this command shell, which runs ...
Sun Solaris <= 10 rpc.ypupdated Remote Root Exploit (meta)
No description provided by source. / \ / \ | | | | ----====/ /\/ /\ | || |====---- | | | || | | | | | | | | | | | | |...