CVE-2023-54181
Published: Dec 30, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix issue in verifying allow_ptr_leaks After we converted the capabilities of our networking-bpf program from cap_sys_admin to cap_net_admin+cap_bpf, our networking-bpf program failed to start. Because it failed the bpf verifier, and the error log is "R3 pointer comparison prohibited". A simple reproducer as follows, SEC("cls-ingress") int ingress(struct __sk_buff *skb) { struct iphdr *iph = (void *)(long)skb->data + sizeof(struct ethhdr); if ((long)(iph + 1) > (long)skb->data_end) return TC_ACT_STOLEN; return TC_ACT_OK; } Per discussion with Yonghong and Alexei [1], comparison of two packet pointers is not a pointer leak. This patch fixes it. Our local kernel is 6.1.y and we expect this fix to be backported to 6.1.y, so stable is CCed. [1]. https://lore.kernel.org/bpf/CAADnVQ+Nmspr7Si+pxWn8zkE7hX-7s93ugwC+94aXSy4uQ9vBg@mail.gmail.com/
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366 - < c96c67991aac6401b4c6996093bccb704bb2ea4baffected 2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366 - < 5927f0172d2809d8fc09c1ba667280b0387e9f73affected 2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366 - < acfdc8b77016c8e648aadc283177546c88083dd3affected 2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366 - < d75e30dddf73449bc2d10bb8e2f1a2c446bc67a2 |
Linux | Linux | affected 5.8unaffected 0 - < 5.8unaffected 6.1.53 - <= 6.1.*unaffected 6.4.16 - <= 6.4.*unaffected 6.5.3 - <= 6.5.*+1 more versions |
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now