Debian Libbpf vulnerabilities

6 known vulnerabilities affecting debian/libbpf.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 3, LOW 3

Vulnerabilities

CVE-2025-29481 | LOW | CVSS 6.2 | fixed in libbpf 1.5.0-3 (forky) | 2025
[MEDIUM] libbpf: Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under root."
Scope: local
bookworm: open; bullseye: open; forky: resolved (
CVE-2022-3534 | MEDIUM | CVSS 5.5 | fixed in libbpf 1.1.0-1 (bookworm) | 2022
[MEDIUM] libbpf: A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032.
Scope: local
bookworm: resolved (fixed in 1.
CVE-2022-3606 | LOW | CVSS 3.5 | fixed in libbpf 1.1.0-1 (bookworm) | 2022
[LOW] libbpf: A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability.
Scope: local book
CVE-2022-3533 | LOW | CVSS 3.5 | fixed in libbpf 1.1.0-1 (bookworm) | 2022
[LOW] libbpf: A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects the function parse_usdt_arg of the file tools/lib/bpf/usdt.c of the component BPF. The manipulation of the argument reg_name leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211031.
Scope: local
CVE-2021-45940 | MEDIUM | CVSS 6.5 | fixed in libbpf 0.7.0-2 (bookworm) | 2021
[MEDIUM] libbpf: libbpf 0.6.0 and 0.6.1 have a heap-based buffer overflow (4 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c).
Scope: local
bookworm: resolved (fixed in 0.7.0-2); bullseye: open; forky: resolved (fixed in 0.7.0-2); sid: resolved (fixed in 0.7.0-2); trixie: resolved (fixed in 0.7.0-2)
CVE-2021-45941 | MEDIUM | CVSS 6.5 | fixed in libbpf 0.7.0-2 (bookworm) | 2021
[MEDIUM] libbpf: libbpf 0.6.0 and 0.6.1 have a heap-based buffer overflow (8 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c).
Scope: local
bookworm: resolved (fixed in 0.7.0-2); bullseye: open; forky: resolved (fixed in 0.7.0-2); sid: resolved (fixed in 0.7.0-2); trixie: resolved (fixed in 0.7.0-2)