Daniel Borkmann

12 exploits, active since Sep 2013
CVE-2017-9150 - MEDIUM
Linux kernel <4.11.1 - Info Disclosure
The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not pass the allow_ptr_leaks value on to print_bpf_insn, so the verifier log produced for an unprivileged program can contain raw kernel pointers (for example the map address embedded in a BPF_LD_IMM64 instruction), which allows local users to obtain sensitive address information via crafted bpf system calls.
CVSS 5.5
CVE-2019-7308 - MEDIUM
Linux kernel <4.20.6 - Side-Channel Information Disclosure via BPF Pointer Arithmetic Speculation
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.
CVSS 5.6
CVE-2020-27194 - MEDIUM
Linux kernel <5.8.15 - Memory Corruption
An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c mishandles bounds tracking during use of 64-bit values, aka CID-5b9fbeb75b6a.
CVSS 5.5
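The bounds-tracking defect behind CVE-2020-27194, as an added example that is not the kernel's own code: a self-contained model of the verifier's scalar32_min_max_or() step for dst |= src, with a flag selecting the pre-5.8.15 reads of the 64-bit umin/umax/smin fields or the 32-bit reads the fix (CID-5b9fbeb75b6a) introduced. The register state is constructed after the one in the fix's commit message (r1 known to be in [1, 0x600000001]); the witness values and the soundness check are this example's own additions.

```c
/* Model of the scalar32_min_max_or() bounds step (CVE-2020-27194).
 * Added example, not kernel code; struct reg is the subset of
 * bpf_reg_state that this step reads and writes. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define S32_MIN ((int32_t)0x80000000)
#define S32_MAX ((int32_t)0x7fffffff)
#define U32_MAX ((uint32_t)0xffffffff)

/* Tristate number: bits set in 'mask' are unknown, the others equal 'value'. */
struct tnum { uint64_t value, mask; };

struct reg {
	struct tnum var_off;
	int64_t  smin_value, smax_value;       /* 64-bit signed bounds */
	uint64_t umin_value, umax_value;       /* 64-bit unsigned bounds */
	int32_t  s32_min_value, s32_max_value; /* low-32 signed bounds */
	uint32_t u32_min_value, u32_max_value; /* low-32 unsigned bounds */
};

static struct tnum tnum_subreg(struct tnum a)
{
	return (struct tnum){ a.value & U32_MAX, a.mask & U32_MAX };
}

/* Bounds of the low 32 bits after dst |= src. With use_64bit_fields the
 * reads that the fix changed go to the 64-bit fields, as before 5.8.15. */
static void scalar32_min_max_or(struct reg *dst, const struct reg *src,
				bool use_64bit_fields)
{
	bool src_known = tnum_subreg(src->var_off).mask == 0;
	bool dst_known = tnum_subreg(dst->var_off).mask == 0;
	struct tnum var32_off = tnum_subreg(dst->var_off);
	int32_t  smin_val = use_64bit_fields ? (int32_t)src->smin_value : src->s32_min_value;
	uint32_t umin_val = use_64bit_fields ? (uint32_t)src->umin_value : src->u32_min_value;
	int64_t  dst_smin = use_64bit_fields ? dst->smin_value : dst->s32_min_value;
	uint64_t dst_umin = use_64bit_fields ? dst->umin_value : dst->u32_min_value;

	if (src_known && dst_known)
		return;                           /* the 64-bit step covers known|known */
	dst->u32_min_value = (uint32_t)(dst_umin > umin_val ? dst_umin : umin_val);
	dst->u32_max_value = (uint32_t)(var32_off.value | var32_off.mask);
	if (dst_smin < 0 || smin_val < 0) {      /* ORing negatives: drop signed bounds */
		dst->s32_min_value = S32_MIN;
		dst->s32_max_value = S32_MAX;
	} else if (use_64bit_fields) {            /* the casts truncate 0x600000001 to 1 */
		dst->s32_min_value = (int32_t)dst->umin_value;
		dst->s32_max_value = (int32_t)dst->umax_value;
	} else {
		dst->s32_min_value = (int32_t)dst->u32_min_value;
		dst->s32_max_value = (int32_t)dst->u32_max_value;
	}
}

/* Soundness check: every concrete value the register could hold before the
 * OR must give a low-32 result inside the claimed s32 bounds. The witnesses
 * are constructed values inside the 64-bit range used below. */
static bool s32_bounds_sound(const struct reg *before, const struct reg *after,
			     uint64_t src_const)
{
	static const uint64_t witness[] = { 0x1, 0x2, 0x100000000ULL, 0x600000001ULL };
	size_t i;

	for (i = 0; i < sizeof witness / sizeof witness[0]; i++) {
		uint64_t v = witness[i];
		int32_t lo;

		if (v < before->umin_value || v > before->umax_value ||
		    (v & ~before->var_off.mask) != before->var_off.value)
			continue;                 /* not a value the register can hold */
		lo = (int32_t)(uint32_t)(v | src_const);
		if (lo < after->s32_min_value || lo > after->s32_max_value)
			return false;
	}
	return true;
}

/* r1 modelled on the fix's commit message (constructed): in [1, 0x600000001],
 * var_off (0x0; 0x7ffffffff), low 32 bits entirely unknown. */
static struct reg r1_state(void)
{
	struct reg r = {
		.var_off = { 0x0, 0x7ffffffffULL },
		.smin_value = 1, .smax_value = 0x600000001LL,
		.umin_value = 1, .umax_value = 0x600000001ULL,
		.s32_min_value = S32_MIN, .s32_max_value = S32_MAX,
		.u32_min_value = 0, .u32_max_value = U32_MAX,
	};
	return r;
}

/* Runs "r1 |= 0" through one variant; returns whether the resulting s32
 * bounds are sound and leaves the post-OR register in *out. */
static bool check_or_zero(bool use_64bit_fields, struct reg *out)
{
	struct reg before = r1_state(), after = before;
	struct reg zero = { .var_off = { 0, 0 } };   /* constant 0: all bounds 0 */

	scalar32_min_max_or(&after, &zero, use_64bit_fields);
	if (out)
		*out = after;
	return s32_bounds_sound(&before, &after, 0);
}

int main(void)
{
	struct reg r;
	bool ok = check_or_zero(true, &r);

	printf("pre-fix: s32 [%d, %d] sound=%s\n", r.s32_min_value, r.s32_max_value, ok ? "yes" : "no");
	ok = check_or_zero(false, &r);
	printf("fixed:   s32 [%d, %d] sound=%s\n", r.s32_min_value, r.s32_max_value, ok ? "yes" : "no");
	return 0;
}
```

On the pre-fix path the verifier ends up believing the low 32 bits of r1 are exactly 1, although r1 may hold 2 or 0x100000000; a 32-bit subregister whose range the verifier gets wrong is exactly what turns into an out-of-bounds map or stack access later. The fixed path gives up on the signed bounds, which is the sound answer here.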
CVE-2021-33624 - MEDIUM
Linux kernel <5.12.13 - Side-Channel Information Disclosure via BPF Branch Misprediction
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.
CVSS 4.7
CVE-2013-4350
Linux Kernel through 3.11.1 - Information Disclosure via IPv6 SCTP IPsec Misconfiguration
The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2015-1421
Linux kernel <3.18.8 - Use After Free
Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.
CVE-2017-17853 - HIGH
Linux Kernel 4.14-4.14.8 - Memory Corruption via BPF Verifier Signed Bounds Miscalculations
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.
CVSS 7.8
CVE-2017-17854 - HIGH
Linux Kernel < 4.14.9 - Integer Overflow in BPF Verifier
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.
CVSS 7.8
CVE-2017-17857 - HIGH
Linux Kernel 4.14-4.14.8 - Memory Corruption via BPF Verifier Stack Boundary Check
The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations.
CVSS 7.8
CVE-2018-25020 - HIGH
Linux kernel <4.17 - Buffer Overflow
The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions: the adjusted jump offset no longer fits the instruction's 16-bit offset field and is truncated, so the jump lands on the wrong instruction. This affects kernel/bpf/core.c and net/core/filter.c.
CVSS 7.8
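The jump fix-up described for CVE-2018-25020, as an added example that is not the kernel's own code: a model of patching one instruction into several and re-targeting every jump that crosses the patched region, with a flag selecting the pre-4.17 behaviour (the offset is adjusted directly in its 16-bit field and wraps) or the 4.17 behaviour (the offset is computed in 32 bits, a probe pass runs first, and an offset that no longer fits is rejected). The program shape, the body size of 2000 instructions and the expansion factor of 17 are assumptions chosen to push the jump past the 16-bit limit.

```c
/* Model of BPF instruction patching and branch adjustment (CVE-2018-25020).
 * Added example, not kernel code. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define S16_MIN (-32768)
#define S16_MAX 32767
#define ERANGE 34
#define ENOMEM 12

/* Only what the fix-up needs: is this a jump, and its 16-bit relative target. */
struct insn { bool is_jump; int16_t off; };
struct prog { struct insn *insns; uint32_t len; };
struct result { int err; int32_t jmp_off; uint32_t len; int64_t target; };

/* Recompute one jump after 'delta' instructions were added behind 'pos';
 * 'curr' is the jump's index in the already shifted program. With
 * 'truncate' the adjustment wraps in the 16-bit field as before 4.17. */
static int adj_delta_to_off(struct insn *in, uint32_t pos, uint32_t delta,
			    uint32_t curr, bool truncate)
{
	int32_t off = in->off;

	if (curr < pos && curr + off + 1 > pos)                        /* forward over the patch */
		off += delta;
	else if (curr > pos + delta && curr + off + 1 <= pos + delta)  /* backward over the patch */
		off -= delta;
	if (!truncate && (off < S16_MIN || off > S16_MAX))
		return -ERANGE;
	in->off = (int16_t)off;
	return 0;
}

/* Replace insns[pos] by 'cnt' instructions and fix up every jump that
 * crosses the patched region. The fixed variant probes first, using the
 * index each jump will have after the shift, so a program that would
 * overflow is left untouched. */
static int patch_insn_single(struct prog *p, uint32_t pos, uint32_t cnt, bool truncate)
{
	uint32_t delta = cnt - 1, i;
	struct insn *n;

	if (delta == 0)
		return 0;
	for (i = 0; i < p->len && !truncate; i++) {
		struct insn probe = p->insns[i];
		if (probe.is_jump &&
		    adj_delta_to_off(&probe, pos, delta, i > pos ? i + delta : i, false))
			return -ERANGE;
	}
	n = realloc(p->insns, (p->len + delta) * sizeof *n);
	if (!n)
		return -ENOMEM;
	memmove(n + pos + cnt, n + pos + 1, (p->len - pos - 1) * sizeof *n);
	for (i = 1; i < cnt; i++)
		n[pos + i] = (struct insn){ false, 0 };   /* expansion body: no jumps */
	p->insns = n;
	p->len += delta;
	for (i = 0; i < p->len; i++)
		if (n[i].is_jump)
			adj_delta_to_off(&n[i], pos, delta, i, truncate);
	return 0;
}

/* Constructed program: insn 0 jumps over 'body' instructions to the exit;
 * each body instruction is then rewritten into 'expansion' instructions,
 * front to back. Reports the first error, insn 0's final offset, the final
 * length and where insn 0 now lands (the exit sits at len - 1). */
static struct result expand_body(uint32_t body, uint32_t expansion, bool truncate)
{
	struct prog p = { calloc(body + 2, sizeof(struct insn)), body + 2 };
	struct result r = { 0, 0, 0, 0 };
	uint32_t pos = 1, i;

	if (!p.insns) {
		r.err = -ENOMEM;
		return r;
	}
	p.insns[0] = (struct insn){ true, (int16_t)body };
	for (i = 0; i < body && !r.err; i++, pos += expansion)
		r.err = patch_insn_single(&p, pos, expansion, truncate);
	r.jmp_off = p.insns[0].off;
	r.len = p.len;
	r.target = 0 + (int64_t)r.jmp_off + 1;
	free(p.insns);
	return r;
}

int main(void)
{
	struct result r = expand_body(2000, 17, true);

	printf("pre-4.17: err=%d off=%d target=%lld exit=%u\n",
	       r.err, r.jmp_off, (long long)r.target, r.len - 1);
	r = expand_body(2000, 17, false);
	printf("fixed:    err=%d off=%d target=%lld exit=%u\n",
	       r.err, r.jmp_off, (long long)r.target, r.len - 1);
	return 0;
}
```

With the pre-4.17 behaviour the patching succeeds, but the jump's offset has wrapped to a negative value and no longer points at the exit; since this rewriting happens after the verifier has already accepted the program, nothing checks the target again. The fixed behaviour stops at the first expansion that would overflow and reports an error instead.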
CVE-2021-31829 - MEDIUM
Linux Kernel < 5.12.1 - Information Disclosure via BPF Stack Speculative Loads
kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel.
CVSS 5.5