Description
A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. This flaws affects kernel versions < v5.16-rc6
References (1)
Core 1
Core References
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2041547
Scores
CVSS v3
5.5
EPSS
0.0026
EPSS Percentile
16.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-755
Status
published
Products (2)
linux/linux_kernel
5.16 (6 CPE variants)
linux/linux_kernel
< 5.16
Published
Feb 04, 2022
Tracked Since
Feb 18, 2026