UBUNTU-CVE-2026-45839

In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpfcoreparsespec CO-RE accessor strings are colon-separated indices that describe a path from a root BTF type to a target field, e.g. "0:1:2" walks through nested struct members...

EUVD-2026-32165

In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpfcoreparsespec CO-RE accessor strings are colon-separated indices that describe a path from a root BTF type to a target field, e.g. "0:1:2" walks through nested struct members...

Astra Linux - уязвимость в linux-5.10

The checkaluop function in kernel/bpf/verifier.c in the Linux kernel, as of v5.16-rc5, did not properly update the bounds when handling the mov32 instruction. This issue allows local users to obtain potentially sensitive address information, also known as a “pointer leak.”...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed the overloading of the meaning of MEMUNINIT Lonial reported an issue in the BPF verifier, where checkmemsizereg contains the following code: c if !tnumisconstreg-varoff / For unprivileged variable accesses, disable raw...

CVE-2026-43070

A flaw was found in the Linux kernel's BPF Berkeley Packet Filter verifier. The verifier fails to correctly reset a register's ID after a BPFEND byte swap operation. This oversight can lead to the verifier incorrectly propagating learned memory bounds to other registers, creating false confidence...

EUVD-2026-27373

In the Linux kernel, the following vulnerability has been resolved: bpf: Reset register ID for BPFEND value tracking When a register undergoes a BPFEND byte swap operation, its scalar value is mutated in-place. If this register previously shared a scalar ID with another register e.g., after an r1...

CVE-2026-43070

The CVE describes a Linux kernel BPF verifier flaw: after a BPF_END (byte swap), dst_reg->id is not reset to 0, which can cause the verifier to propagate learned bounds to a linked register, creating a risk of out-of-bounds memory accesses. The concrete impact is potential privilege/escalation...

CVE-2026-31830 sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest

sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001557)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001557 advisory. An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error with a resultant integer underflow affecting out-of-bounds...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001149)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001149 advisory. kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002753)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002753 advisory. kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service memory corruption or possibly have unspecified other impact ...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: bpf: Check the helper function is valid in gethelperproto kernel test robot reported verifier bug 1 where the helper func pointer could be NULL due to disabled config option. As Alexei suggested we could check on that in...

SUSE CVE-2025-40143

In the Linux kernel, the following vulnerability has been resolved: bpf: dont report verifier bug for missing bpfsccvisit on speculative path Syzbot generated a program that triggers a verifierbug call in maybeexitscc. maybeexitscc assumes that, when called for a state with insnidx in some SCC,...

CVE-2025-40143

In the Linux kernel, the following vulnerability has been resolved: bpf: dont report verifier bug for missing bpfsccvisit on speculative path Syzbot generated a program that triggers a verifierbug call in maybeexitscc. maybeexitscc assumes that, when called for a state with insnidx in some SCC,...

Linux Distros Unpatched Vulnerability : CVE-2025-40143

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: dont report verifier bug for missing bpfsccvisit on speculative path Syzbot generated a...

EUVD-2025-124940

In the Linux kernel, the following vulnerability has been resolved: bpf: dont report verifier bug for missing bpfsccvisit on speculative path Syzbot generated a program that triggers a verifierbug call in maybeexitscc. maybeexitscc assumes that, when called for a state with insnidx in some SCC,...

CVE-2025-40143

In the Linux kernel, the following vulnerability has been resolved: bpf: dont report verifier bug for missing bpfsccvisit on speculative path Syzbot generated a program that triggers a verifierbug call in maybeexitscc. maybeexitscc assumes that, when called for a state with insnidx in some SCC,...

CVE-2025-40143 bpf: dont report verifier bug for missing bpf_scc_visit on speculative path

In the Linux kernel, the following vulnerability has been resolved: bpf: dont report verifier bug for missing bpfsccvisit on speculative path Syzbot generated a program that triggers a verifierbug call in maybeexitscc. maybeexitscc assumes that, when called for a state with insnidx in some SCC,...

CVE-2025-40143

CVE-2025-40143 concerns the Linux kernel BPF verifier. Syzbot-generated input could trigger a verifier_bug() in maybe_exit_scc() when processing a state inside an SCC, under speculative execution paths. The root cause was an assumption that an existing bpf_scc_visit instance always accompanies a ...

CVE-2025-40143 bpf: dont report verifier bug for missing bpf_scc_visit on speculative path

In the Linux kernel, the following vulnerability has been resolved: bpf: dont report verifier bug for missing bpfsccvisit on speculative path Syzbot generated a program that triggers a verifierbug call in maybeexitscc. maybeexitscc assumes that, when called for a state with insnidx in some SCC,...