CVE-2021-47376
In the Linux kernel, the following vulnerability has been resolved: bpf: Add oversize check before call kvcalloc Commit 7661809d493b "mm: don't allow oversized kvmalloc calls" add the oversize check. When the allocation is larger than what kmalloc supports, the following warning triggered: WARNIN...
SUSE CVE-2022-23222
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain ORNULL pointer types...
PUB-A-217307370
In check_map_func_compatibility of verifier.c, there is a possible way to escalate privileges due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2021-45402
CVE-2021-45402 affects the Linux kernel where check_alu_op() in kernel/bpf/verifier.c does not update bounds properly when handling mov32, enabling local attackers to leak potentially sensitive addresses (pointer leak). The description is consistently cited across multiple connected advisories (e...
PUB-A-190011721
In retrieve_ptr_limit and related functions of verifier.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
PUB-A-190876666
In scalar32_min_max_and and related functions of verifier.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
PUB-A-183840808
In retrieve_ptr_limit of verifier.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...
AZL-6545 CVE-2021-29155 affecting package kernel for versions less than 5.10.78.1-1
An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences ...
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.
...
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory aka CID-10d2bb2e6b1d.
...
CVE-2020-27194
An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c mishandles bounds tracking during use of 64-bit values, aka CID-5b9fbeb75b6a...
PT-2020-4832 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.8.15. Description: An issue in the Linux kernel is related to the scalar32_min_max_or function in kernel/bpf/verifier.c, which mishandles bounds tracking during the use of 64-bit values. This can lead to a buff...
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5755)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5755 advisory. - p54usb: Fix race between disconnect and firmware loading Alan Stern Orabug: 31351863 CVE-2019-15220 - media: rc: prevent memory leak in cx23888irprob...
CVE-2019-7308
A bypass was found for the Spectre v1 hardening in the eBPF engine of the Linux kernel. The code in the kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize,...
CVE-2017-17862
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service...
CVE-2019-7308
CVE-2019-7308 affects the Linux kernel’s BPF verifier in kernel/bpf/verifier.c prior to 4.20.6. The issue is undesirable out-of-bounds speculation on pointer arithmetic across branches with different state/limits, enabling potential side-channel attacks. Public sources in connected documents cons...
Memory corruption
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops...
Design/Logic Flaw
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."...
Design/Logic Flaw
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service...
CVE-2017-17863
kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact...