<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 08 May 2026 07:37:49 +0000</lastBuildDate>
    <item>
      <title>8b0a6fd5-ffb0-4868-a4a0-dd6fe3fea796</title>
      <link>https://vulnerability.circl.lu/sighting/8b0a6fd5-ffb0-4868-a4a0-dd6fe3fea796/export</link>
      <description>{"uuid": "8b0a6fd5-ffb0-4868-a4a0-dd6fe3fea796", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50165", "type": "seen", "source": "https://t.me/cvedetector/10074", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50165 - Linux Kernel BPF Mount Option Leak Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50165 \nPublished : Nov. 7, 2024, 10:15 a.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nbpf: Preserve param-&amp;gt;string when parsing mount options  \n  \nIn bpf_parse_param(), keep the value of param-&amp;gt;string intact so it can  \nbe freed later. Otherwise, the kmalloc area pointed to by param-&amp;gt;string  \nwill be leaked as shown below:  \n  \nunreferenced object 0xffff888118c46d20 (size 8):  \n  comm \"new_name\", pid 12109, jiffies 4295580214  \n  hex dump (first 8 bytes):  \n    61 6e 79 00 38 c9 5c 7e                          any.8.\\~  \n  backtrace (crc e1b7f876):  \n    [&amp;lt;00000000c6848ac7] kmemleak_alloc+0x4b/0x80  \n    [&amp;lt;00000000de9f7d00] __kmalloc_node_track_caller_noprof+0x36e/0x4a0  \n    [&amp;lt;000000003e29b886] memdup_user+0x32/0xa0  \n    [&amp;lt;0000000007248326] strndup_user+0x46/0x60  \n    [&amp;lt;0000000035b3dd29] __x64_sys_fsconfig+0x368/0x3d0  \n    [&amp;lt;0000000018657927] x64_sys_call+0xff/0x9f0  \n    [&amp;lt;00000000c0cabc95] do_syscall_64+0x3b/0xc0  \n    [&amp;lt;000000002f331597] entry_SYSCALL_64_after_hwframe+0x4b/0x53 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T11:54:32.000000Z"}</description>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8b0a6fd5-ffb0-4868-a4a0-dd6fe3fea796/export</guid>
      <pubDate>Thu, 07 Nov 2024 11:54:32 +0000</pubDate>
    </item>
    <item>
      <title>8de2bb06-661e-4959-ab0c-28f038880df1</title>
      <link>https://vulnerability.circl.lu/sighting/8de2bb06-661e-4959-ab0c-28f038880df1/export</link>
      <description>{"uuid": "8de2bb06-661e-4959-ab0c-28f038880df1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50167", "type": "seen", "source": "https://t.me/cvedetector/10076", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50167 - Alteon Be2Net Linux Kernel Memory Leak Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50167 \nPublished : Nov. 7, 2024, 10:15 a.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nbe2net: fix potential memory leak in be_xmit()  \n  \nThe be_xmit() returns NETDEV_TX_OK without freeing skb  \nin case of be_xmit_enqueue() fails, add dev_kfree_skb_any() to fix it. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T11:54:33.000000Z"}</description>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8de2bb06-661e-4959-ab0c-28f038880df1/export</guid>
      <pubDate>Thu, 07 Nov 2024 11:54:33 +0000</pubDate>
    </item>
    <item>
      <title>8800bc34-8161-4a91-a7ff-8b8d94102b7d</title>
      <link>https://vulnerability.circl.lu/sighting/8800bc34-8161-4a91-a7ff-8b8d94102b7d/export</link>
      <description>{"uuid": "8800bc34-8161-4a91-a7ff-8b8d94102b7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50166", "type": "seen", "source": "https://t.me/cvedetector/10075", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50166 - Freescale Semiconductor FMAN Reference Leak Vulnerability (Denial of Service)\", \n  \"Content\": \"CVE ID : CVE-2024-50166 \nPublished : Nov. 7, 2024, 10:15 a.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nfsl/fman: Fix refcount handling of fman-related devices  \n  \nIn mac_probe() there are multiple calls to of_find_device_by_node(),  \nfman_bind() and fman_port_bind() which takes references to of_dev-&amp;gt;dev.  \nNot all references taken by these calls are released later on error path  \nin mac_probe() and in mac_remove() which lead to reference leaks.  \n  \nAdd references release. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T11:54:33.000000Z"}</description>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8800bc34-8161-4a91-a7ff-8b8d94102b7d/export</guid>
      <pubDate>Thu, 07 Nov 2024 11:54:33 +0000</pubDate>
    </item>
    <item>
      <title>2f3fcf53-200a-49ef-af5b-dff3c8d995d5</title>
      <link>https://vulnerability.circl.lu/sighting/2f3fcf53-200a-49ef-af5b-dff3c8d995d5/export</link>
      <description>{"uuid": "2f3fcf53-200a-49ef-af5b-dff3c8d995d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50168", "type": "seen", "source": "https://t.me/cvedetector/10077", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50168 - Qualcomm Atheros Ethernet miniport Memory Leak\", \n  \"Content\": \"CVE ID : CVE-2024-50168 \nPublished : Nov. 7, 2024, 10:15 a.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet/sun3_82586: fix potential memory leak in sun3_82586_send_packet()  \n  \nThe sun3_82586_send_packet() returns NETDEV_TX_OK without freeing skb  \nin case of skb-&amp;gt;len being too long, add dev_kfree_skb() to fix it. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T11:54:37.000000Z"}</description>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2f3fcf53-200a-49ef-af5b-dff3c8d995d5/export</guid>
      <pubDate>Thu, 07 Nov 2024 11:54:37 +0000</pubDate>
    </item>
    <item>
      <title>2dbe7c33-dbf7-4942-8bdb-e541ad4b9f4f</title>
      <link>https://vulnerability.circl.lu/sighting/2dbe7c33-dbf7-4942-8bdb-e541ad4b9f4f/export</link>
      <description>{"uuid": "2dbe7c33-dbf7-4942-8bdb-e541ad4b9f4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50164", "type": "seen", "source": "https://t.me/cvedetector/10080", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50164 - Linux Kernel BPF Raw Write Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50164 \nPublished : Nov. 7, 2024, 10:15 a.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nbpf: Fix overloading of MEM_UNINIT's meaning  \n  \nLonial reported an issue in the BPF verifier where check_mem_size_reg()  \nhas the following code:  \n  \n    if (!tnum_is_const(reg-&amp;gt;var_off))  \n        /* For unprivileged variable accesses, disable raw  \n         * mode so that the program is required to  \n         * initialize all the memory that the helper could  \n         * just partially fill up.  \n         */  \n         meta = NULL;  \n  \nThis means that writes are not checked when the register containing the  \nsize of the passed buffer has not a fixed size. Through this bug, a BPF  \nprogram can write to a map which is marked as read-only, for example,  \n.rodata global maps.  \n  \nThe problem is that MEM_UNINIT's initial meaning that \"the passed buffer  \nto the BPF helper does not need to be initialized\" which was added back  \nin commit 435faee1aae9 (\"bpf, verifier: add ARG_PTR_TO_RAW_STACK type\")  \ngot overloaded over time with \"the passed buffer is being written to\".  \n  \nThe problem however is that checks such as the above which were added later  \nvia 06c1c049721a (\"bpf: allow helpers access to variable memory\") set meta  \nto NULL in order force the user to always initialize the passed buffer to  \nthe helper. 
Due to the current double meaning of MEM_UNINIT, this bypasses  \nverifier write checks to the memory (not boundary checks though) and only  \nassumes the latter memory is read instead.  \n  \nFix this by reverting MEM_UNINIT back to its original meaning, and having  \nMEM_WRITE as an annotation to BPF helpers in order to then trigger the  \nBPF verifier checks for writing to memory.  \n  \nSome notes: check_arg_pair_ok() ensures that for ARG_CONST_SIZE{,_OR_ZERO}  \nwe can access fn-&amp;gt;arg_type[arg - 1] since it must contain a preceding  \nARG_PTR_TO_MEM. For check_mem_reg() the meta argument can be removed  \naltogether since we do check both BPF_READ and BPF_WRITE. Same for the  \nequivalent check_kfunc_mem_size_reg(). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T11:54:39.000000Z"}</description>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2dbe7c33-dbf7-4942-8bdb-e541ad4b9f4f/export</guid>
      <pubDate>Thu, 07 Nov 2024 11:54:39 +0000</pubDate>
    </item>
    <item>
      <title>d417caa3-ec42-46ea-8791-8e1560a297d5</title>
      <link>https://vulnerability.circl.lu/sighting/d417caa3-ec42-46ea-8791-8e1560a297d5/export</link>
      <description>{"uuid": "d417caa3-ec42-46ea-8791-8e1560a297d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50161", "type": "seen", "source": "https://t.me/cvedetector/10081", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50161 - Linux Kernel bpf Out-of-Bounds Read\", \n  \"Content\": \"CVE ID : CVE-2024-50161 \nPublished : Nov. 7, 2024, 10:15 a.m. | 34\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nbpf: Check the remaining info_cnt before repeating btf fields  \n  \nWhen trying to repeat the btf fields for array of nested struct, it  \ndoesn't check the remaining info_cnt. The following splat will be  \nreported when the value of ret * nelems is greater than BTF_FIELDS_MAX:  \n  \n  ------------[ cut here ]------------  \n  UBSAN: array-index-out-of-bounds in ../kernel/bpf/btf.c:3951:49  \n  index 11 is out of range for type 'btf_field_info [11]'  \n  CPU: 6 UID: 0 PID: 411 Comm: test_progs ...... 6.11.0-rc4+ #1  \n  Tainted: [O]=OOT_MODULE  \n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ...  \n  Call Trace:  \n     \n   dump_stack_lvl+0x57/0x70  \n   dump_stack+0x10/0x20  \n   ubsan_epilogue+0x9/0x40  \n   __ubsan_handle_out_of_bounds+0x6f/0x80  \n   ? kallsyms_lookup_name+0x48/0xb0  \n   btf_parse_fields+0x992/0xce0  \n   map_create+0x591/0x770  \n   __sys_bpf+0x229/0x2410  \n   __x64_sys_bpf+0x1f/0x30  \n   x64_sys_call+0x199/0x9f0  \n   do_syscall_64+0x3b/0xc0  \n   entry_SYSCALL_64_after_hwframe+0x4b/0x53  \n  RIP: 0033:0x7fea56f2cc5d  \n  ......  \n     \n  ---[ end trace ]---  \n  \nFix it by checking the remaining info_cnt in btf_repeat_fields() before  \nrepeating the btf fields. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T11:54:40.000000Z"}</description>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d417caa3-ec42-46ea-8791-8e1560a297d5/export</guid>
      <pubDate>Thu, 07 Nov 2024 11:54:40 +0000</pubDate>
    </item>
    <item>
      <title>8e8852d6-bc7b-481b-9920-a0ca71dec511</title>
      <link>https://vulnerability.circl.lu/sighting/8e8852d6-bc7b-481b-9920-a0ca71dec511/export</link>
      <description>{"uuid": "8e8852d6-bc7b-481b-9920-a0ca71dec511", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50164", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2124", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-50164\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overloading of MEM_UNINIT's meaning\n\nLonial reported an issue in the BPF verifier where check_mem_size_reg()\nhas the following code:\n\n    if (!tnum_is_const(reg-&amp;gt;var_off))\n        /* For unprivileged variable accesses, disable raw\n         * mode so that the program is required to\n         * initialize all the memory that the helper could\n         * just partially fill up.\n         */\n         meta = NULL;\n\nThis means that writes are not checked when the register containing the\nsize of the passed buffer has not a fixed size. Through this bug, a BPF\nprogram can write to a map which is marked as read-only, for example,\n.rodata global maps.\n\nThe problem is that MEM_UNINIT's initial meaning that \"the passed buffer\nto the BPF helper does not need to be initialized\" which was added back\nin commit 435faee1aae9 (\"bpf, verifier: add ARG_PTR_TO_RAW_STACK type\")\ngot overloaded over time with \"the passed buffer is being written to\".\n\nThe problem however is that checks such as the above which were added later\nvia 06c1c049721a (\"bpf: allow helpers access to variable memory\") set meta\nto NULL in order force the user to always initialize the passed buffer to\nthe helper. 
Due to the current double meaning of MEM_UNINIT, this bypasses\nverifier write checks to the memory (not boundary checks though) and only\nassumes the latter memory is read instead.\n\nFix this by reverting MEM_UNINIT back to its original meaning, and having\nMEM_WRITE as an annotation to BPF helpers in order to then trigger the\nBPF verifier checks for writing to memory.\n\nSome notes: check_arg_pair_ok() ensures that for ARG_CONST_SIZE{,_OR_ZERO}\nwe can access fn-&amp;gt;arg_type[arg - 1] since it must contain a preceding\nARG_PTR_TO_MEM. For check_mem_reg() the meta argument can be removed\naltogether since we do check both BPF_READ and BPF_WRITE. Same for the\nequivalent check_kfunc_mem_size_reg().\n\ud83d\udccf Published: 2024-11-07T09:31:41.012Z\n\ud83d\udccf Modified: 2025-01-17T13:27:00.246Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/43f4df339a4d375bedcad29a61ae6f0ee7a048f8\n2. https://git.kernel.org/stable/c/48068ccaea957469f1adf78dfd2c1c9a7e18f0fe\n3. https://git.kernel.org/stable/c/54bc31682660810af1bed7ca7a19f182df8d3df8\n4. https://git.kernel.org/stable/c/8ea607330a39184f51737c6ae706db7fdca7628e", "creation_timestamp": "2025-01-17T13:56:46.000000Z"}</description>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8e8852d6-bc7b-481b-9920-a0ca71dec511/export</guid>
      <pubDate>Fri, 17 Jan 2025 13:56:46 +0000</pubDate>
    </item>
    <item>
      <title>e3e0741a-4f8b-41d5-8836-15a900544afe</title>
      <link>https://vulnerability.circl.lu/sighting/e3e0741a-4f8b-41d5-8836-15a900544afe/export</link>
      <description>{"uuid": "e3e0741a-4f8b-41d5-8836-15a900544afe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-50166", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}</description>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e3e0741a-4f8b-41d5-8836-15a900544afe/export</guid>
      <pubDate>Wed, 03 Dec 2025 14:14:49 +0000</pubDate>
    </item>
    <item>
      <title>0acbbee0-c46e-4213-8b96-fd3914f77eff</title>
      <link>https://vulnerability.circl.lu/sighting/0acbbee0-c46e-4213-8b96-fd3914f77eff/export</link>
      <description>{"uuid": "0acbbee0-c46e-4213-8b96-fd3914f77eff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-50164", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}</description>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/0acbbee0-c46e-4213-8b96-fd3914f77eff/export</guid>
      <pubDate>Thu, 19 Mar 2026 00:00:00 +0000</pubDate>
    </item>
    <item>
      <title>e2d77171-3042-47bc-9d07-6f13f225be5e</title>
      <link>https://vulnerability.circl.lu/sighting/e2d77171-3042-47bc-9d07-6f13f225be5e/export</link>
      <description>{"uuid": "e2d77171-3042-47bc-9d07-6f13f225be5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-50166", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}</description>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e2d77171-3042-47bc-9d07-6f13f225be5e/export</guid>
      <pubDate>Thu, 19 Mar 2026 00:00:00 +0000</pubDate>
    </item>
  </channel>
</rss>
