11 matches found
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Zero former ARGPTRTOLONG,INT args in case of error For all non-tracing helpers which formerly had ARGPTRTOLONG,INT as input arguments, zero the value for the case of an error as otherwise it could leak memory. For tracing, i...
CVE-2024-50164
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEMUNINIT's meaning Lonial reported an issue in the BPF verifier where checkmemsizereg has the following code: if !tnumisconstreg-varoff / For unprivileged variable accesses, disable raw mode so that the...
CVE-2024-50164
The CVE-2024-50164 entry covers a Linux kernel BPF verifier regression where MEM_UNINIT was overloaded to mean both “buffer need not be initialized” and “buffer will be written to.” This allowed a BPF program to write to read-only maps (e.g., .rodata) when the buffer size was not a fixed constant...
CVE-2024-50164 bpf: Fix overloading of MEM_UNINIT's meaning
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEMUNINIT's meaning Lonial reported an issue in the BPF verifier where checkmemsizereg has the following code: if !tnumisconstreg-varoff / For unprivileged variable accesses, disable raw mode so that the...
CVE-2024-50164
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEMUNINIT's meaning Lonial reported an issue in the BPF verifier where checkmemsizereg has the following code: if !tnumisconstreg-varoff / For unprivileged variable accesses, disable raw mode so that the...
CVE-2024-50164 bpf: Fix overloading of MEM_UNINIT's meaning
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEMUNINIT's meaning Lonial reported an issue in the BPF verifier where checkmemsizereg has the following code: if !tnumisconstreg-varoff / For unprivileged variable accesses, disable raw mode so that the...
CVE-2024-49861
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix helper writes to read-only maps Lonial found an issue that despite user- and BPF-side frozen BPF map like in case of .rodata, it was still possible to write into it from a BPF program side through specific helpers having...
CVE-2024-49861
CVE-2024-49861 affects the Linux kernel: bpf: Fix helper writes to read-only maps. The issue allowed a BPF program to write into a read‑only map (e.g., frozen .rodata) via helpers using ARG_PTR_TO_{LONG,INT}, because meta->raw_mode wasn’t set and check_map_access_type() treated the map as read...
CVE-2024-49861 bpf: Fix helper writes to read-only maps
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix helper writes to read-only maps Lonial found an issue that despite user- and BPF-side frozen BPF map like in case of .rodata, it was still possible to write into it from a BPF program side through specific helpers having...
CVE-2024-47728 bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error
In the Linux kernel, the following vulnerability has been resolved: bpf: Zero former ARGPTRTOLONG,INT args in case of error For all non-tracing helpers which formerly had ARGPTRTOLONG,INT as input arguments, zero the value for the case of an error as otherwise it could leak memory. For tracing, i...
CVE-2024-47728
CVE-2024-47728 concerns the Linux kernel where a vulnerability in the BPF subsystem could leak memory due to ARG_PTR_TO_{LONG,INT} arguments on error paths. The resolved description indicates the fix zeros the former ARG_PTR_TO_{LONG,INT} inputs for non-tracing helpers when an error occurs, preve...