SB20250916281 - Information disclosure in Linux kernel bpf
Published: September 16, 2025 Updated: September 22, 2025
Security Bulletin ID
SB20250916281
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2023-53290)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the run_bpf_prog() function in samples/bpf/hbm.c. A local user can gain access to sensitive information.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/23acb14af1914010dd0aae1bbb7fab28bf518b8e
- https://git.kernel.org/stable/c/7560ed6592ff4077528c239c71e91b19de985b97
- https://git.kernel.org/stable/c/a7ec2f424f6edad34651137783a0a59eca9aa37e
- https://git.kernel.org/stable/c/e3e6e252d74f20f6fc610c7fef3ae7dda0109a6f
- https://git.kernel.org/stable/c/edf37bc8b03d3f948e679b2fd2d14464495f5d1b
- https://git.kernel.org/stable/c/f2065b8b0a215bc6aa061287a2e3d9eab2446422
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.30