Linux Kernel BPF Array Bounds Vulnerability

Vulnerability

A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) implementation has been addressed. The issue arose from the 'may_goto' feature, which improperly added 8 bytes to the stack, leading to an out-of-bounds access in the 'interpreters' array when the index was calculated based on stack size. This vulnerability could be exploited in non-JIT (Just-In-Time) scenarios, where loading BPF programs directly could be rejected, or by calculating 'interpreters[idx]' which might still result in out-of-bounds access, although it would only issue a warning. In JIT-compiled cases, the execution of 'bpf_func' also requires a warning.

Impact

Exploitation of this vulnerability could lead to out-of-bounds array access, potentially causing memory corruption or allowing for arbitrary code execution.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel BPF Array Bounds Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating