Source: libbpf
Version: 1.0.1-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for libbpf.

CVE-2022-3533[0]:
| A vulnerability was found in Linux Kernel. It has been rated as
| problematic. This issue affects the function parse_usdt_arg of the
| file tools/lib/bpf/usdt.c of the component BPF. The manipulation of
| the argument reg_name leads to memory leak. It is recommended to apply
| a patch to fix this issue. The associated identifier of this
| vulnerability is VDB-211031.

CVE-2022-3534[1]:
| A vulnerability classified as critical has been found in Linux Kernel.
| Affected is the function btf_dump_name_dups of the file
| tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation
| leads to use after free. It is recommended to apply a patch to fix
| this issue. The identifier of this vulnerability is VDB-211032.

CVE-2022-3606[2]:
| A vulnerability was found in Linux Kernel. It has been classified as
| problematic. This affects the function find_prog_by_sec_insn of the
| file tools/lib/bpf/libbpf.c of the component BPF. The manipulation
| leads to null pointer dereference. It is recommended to apply a patch
| to fix this issue. The identifier VDB-211749 was assigned to this
| vulnerability.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-3533
    https://www.cve.org/CVERecord?id=CVE-2022-3533
    https://github.com/libbpf/libbpf/commit/881a10980b7ded995da5d9cc1919992c36c9d2be
[1] https://security-tracker.debian.org/tracker/CVE-2022-3534
    https://www.cve.org/CVERecord?id=CVE-2022-3534
    https://github.com/libbpf/libbpf/commit/54caf920db0e489de90f3aaaa41e2a51ddbcd084
[2] https://security-tracker.debian.org/tracker/CVE-2022-3606
    https://www.cve.org/CVERecord?id=CVE-2022-3606
    https://github.com/libbpf/libbpf/commit/3a3ef0c1d09e1894740db71cdcb7be0bfd713671

Regards,
Salvatore