Updated: 2024-11-30 02:59:34.783519
Description:
An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0 | |
| CVSS Version 3.x | HIGH | 8.2 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 8.2 | HIGH | Released | CLSA-2025:1743193221 | 2024-08-01 14:40:44 | |
| CentOS 6 ELS | kernel | 2.6.32 | 8.2 | HIGH | Not Vulnerable | 2023-12-26 13:12:54 | ||
| CentOS 7 ELS | kernel | 3.10.0 | 8.2 | HIGH | Not Vulnerable | 2023-11-16 08:30:08 | ||
| CentOS 8.4 ELS | kernel | 4.18.0 | 8.2 | HIGH | Not Vulnerable | 2023-11-24 23:00:55 | ||
| CentOS 8.5 ELS | kernel | 4.18.0 | 8.2 | HIGH | Not Vulnerable | 2023-11-24 23:00:55 | ||
| CentOS Stream 8 ELS | kernel | 4.18.0 | 8.2 | HIGH | Not Vulnerable | 2024-06-29 10:08:33 | ||
| CloudLinux 6 ELS | kernel | 2.6.32 | 8.2 | HIGH | Not Vulnerable | 2024-05-08 10:22:07 | ||
| CloudLinux 7 ELS | kernel | 3.10.0 | 8.2 | HIGH | Not Vulnerable | 2024-10-28 03:43:25 | ||
| Oracle Linux 6 ELS | kernel | 2.6.32 | 8.2 | HIGH | Not Vulnerable | 2023-12-26 13:12:54 | ||
| Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 8.2 | HIGH | Not Vulnerable | 2023-10-26 11:10:08 |