7.8

CVE-2026-43070

EPSS 0.01%
Veröffentlicht 05.05.2026 16:16:16
Zuletzt bearbeitet 08.05.2026 13:16:37
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

bpf: Reset register ID for BPF_END value tracking

In the Linux kernel, the following vulnerability has been resolved:

bpf: Reset register ID for BPF_END value tracking

When a register undergoes a BPF_END (byte swap) operation, its scalar
value is mutated in-place. If this register previously shared a scalar ID
with another register (e.g., after an `r1 = r0` assignment), this tie must
be broken.

Currently, the verifier misses resetting `dst_reg->id` to 0 for BPF_END.
Consequently, if a conditional jump checks the swapped register, the
verifier incorrectly propagates the learned bounds to the linked register,
leading to false confidence in the linked register's value and potentially
allowing out-of-bounds memory accesses.

Fix this by explicitly resetting `dst_reg->id` to 0 in the BPF_END case
to break the scalar tie, similar to how BPF_NEG handles it via
`__mark_reg_known`.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

CNA 2 VulnDex Vulnerability Enrichment 11

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 4c03342e5ac532fb34d13a7b51dd7261dfc48963

Version < a17443af874229408ce6b78e2c8a2b5adeb4b7d8

Status affected

Version d00ce96623a69a100ad79675d0e85fda3c50d89b

Version < 0d15c3611a2cc5d08993545d4032055ae10ae2c1

Status affected

Version 9d21199842247ab05c675fb9b6c6ca393a5c0024

Version < a3125bc01884431d30d731461634c8295b6f0529

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 6.18.17

Version < 6.18.21

Status affected

Version 6.19.7

Version < 6.19.11

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.022

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/0d15c3611a2cc5d08993545d4032055ae10ae2c1

https://git.kernel.org/stable/c/a17443af874229408ce6b78e2c8a2b5adeb4b7d8

https://git.kernel.org/stable/c/a3125bc01884431d30d731461634c8295b6f0529

https://nvd.nist.gov/vuln/detail/CVE-2026-43070

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-43070

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-43070

EUVD