CVE-2026-45886 bpf: Fix bpf_xdp_store_bytes proto for read-only arg

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpfxdpstorebytes proto for read-only arg While making some maps in Cilium read-only from the BPF side, we noticed that the bpfxdpstorebytes proto is incorrect. In particular, the verifier was throwing the following error...

PT-2026-37073

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF Berkeley Packet Filter verifier where the dst reg-id is not reset to 0 during a BPF END byte swap operation. When a register undergoes this operation, its scal...

CVE-2023-54181 bpf: Fix issue in verifying allow_ptr_leaks

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix issue in verifying allowptrleaks After we converted the capabilities of our networking-bpf program from capsysadmin to capnetadmin+capbpf, our networking-bpf program failed to start. Because it failed the bpf verifier, a...

CVE-2023-54181 bpf: Fix issue in verifying allow_ptr_leaks

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix issue in verifying allowptrleaks After we converted the capabilities of our networking-bpf program from capsysadmin to capnetadmin+capbpf, our networking-bpf program failed to start. Because it failed the bpf verifier, a...

UBUNTU-CVE-2025-68208

In the Linux kernel, the following vulnerability has been resolved: bpf: account for current allocated stack depth in widenimprecisescalars The usage pattern for widenimprecisescalars looks as follows: prevst = findpreventryenv, ...; queuedst = pushstack...; widenimprecisescalarsenv, prevst,...

TencentOS Server 4: kernel (TSSA-2025:0349)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0349 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVE-2025-38591

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject narrower access to pointer ctx fields The following BPF program, simplified from a syzkaller repro, causes a kernel warning: r0 = u8 r1 + 169; exit; With pointer field sk being at offset 168 in skbuff. This access is...

CVE-2025-38607 bpf: handle jset (if a & b ...) as a jump in CFG computation

In the Linux kernel, the following vulnerability has been resolved: bpf: handle jset if a & b ... as a jump in CFG computation BPFJSET is a conditional jump and currently verifier.c:canjump does not know about that. This can lead to incorrect live registers and SCC computation. E.g. in the...

CVE-2025-38060 bpf: copy_verifier_state() should copy 'loop_entry' field

In the Linux kernel, the following vulnerability has been resolved: bpf: copyverifierstate should copy 'loopentry' field The bpfverifierstate.loopentry state should be copied by copyverifierstate. Otherwise, .loopentry values from unrelated states would poison env-curstate. Additionally, env-stac...

CLSA-2024-1715951065 kernel: Fix of 10 CVEs

scsi: lpfc: Fix use-after-free in lpfcunregrpi routine CVE-2021-47198 - fs,hugetlb: fix NULL pointer dereference in hugetlbsfillsuper CVE-2024-0841 - bpf: Fix incorrect verifier pruning due to missing register precision taints CVE-2023-2163 - bpf: Fix hashtab overflow check on 32-bit arches...

kernel: bpf, verifier: Fix memory leak in array reallocation for stack state

A flaw was found in the eBPF subsystem in the Linux kernel. An incorrect logic in a helper function for memory reallocation can cause memory leaks when a memory allocation error occurs, potentially leading to system instability and a denial of service...