Skip to main content

CWE-386

Symbolic Name not Mapping to Correct Object

2 CVEs Avg CVSS 7.7 MITRE
0
CRITICAL
2
HIGH
0
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2026-53081 HIGH PATCH This Week

Local privilege escalation in the Linux kernel (6.11 through pre-patch 6.12.x/6.18.x/7.0.x) arises from a BPF verifier state-pruning flaw in regsafe() handling of BPF_ADD_CONST scalar registers, where base register IDs are not checked for mapping consistency. An attacker able to load BPF programs can construct two verifier states that falsely appear equivalent, causing state pruning to incorrectly succeed and letting an unsafe program bypass verification. With CVSS 7.8 (AV:L/PR:L) and full C/I/A impact, successful exploitation can corrupt kernel memory; there is no public exploit identified at time of analysis and EPSS is low (0.16%).

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-3852 HIGH This Week

GetBoundName could return the wrong version of an object when JIT optimizations were applied. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
7.5
EPSS
0.6%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Linux kernel (6.11 through pre-patch 6.12.x/6.18.x/7.0.x) arises from a BPF verifier state-pruning flaw in regsafe() handling of BPF_ADD_CONST scalar registers, where base register IDs are not checked for mapping consistency. An attacker able to load BPF programs can construct two verifier states that falsely appear equivalent, causing state pruning to incorrectly succeed and letting an unsafe program bypass verification. With CVSS 7.8 (AV:L/PR:L) and full C/I/A impact, successful exploitation can corrupt kernel memory; there is no public exploit identified at time of analysis and EPSS is low (0.16%).

Linux Information Disclosure
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

GetBoundName could return the wrong version of an object when JIT optimizations were applied. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Mozilla Firefox +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy