Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary Memory read in BPF Linux Kernel
Vulnerability Description
There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
跨界内存读
Vulnerability Title
Linux kernel 缓冲区错误漏洞
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 存在缓冲区错误漏洞,该漏洞源于BPF 内存在任意内存读取 - 用于填充传递给 bpf_sys_bpf 的结构中的指针的常量未经验证,可以指向任何地方,包括不属于 BPF 的内存,攻击者利用该漏洞可以从系统的任何位置任意读取内存。
CVSS Information
N/A
Vulnerability Type
N/A