5.5

CVE-2026-43333

bpf: reject direct access to nullable PTR_TO_BUF pointers

In the Linux kernel, the following vulnerability has been resolved:

bpf: reject direct access to nullable PTR_TO_BUF pointers

check_mem_access() matches PTR_TO_BUF via base_type() which strips
PTR_MAYBE_NULL, allowing direct dereference without a null check.

Map iterator ctx->key and ctx->value are PTR_TO_BUF | PTR_MAYBE_NULL.
On stop callbacks these are NULL, causing a kernel NULL dereference.

Add a type_may_be_null() guard to the PTR_TO_BUF branch, matching the
existing PTR_TO_BTF_ID pattern.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15.37 < 5.15.203
LinuxLinux Kernel Version >= 5.16.11 < 6.1.168
LinuxLinux Kernel Version >= 6.2 < 6.6.134
LinuxLinux Kernel Version >= 6.7 < 6.12.81
LinuxLinux Kernel Version >= 6.13 < 6.18.22
LinuxLinux Kernel Version >= 6.19 < 6.19.12
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
LinuxLinux Kernel Version7.0 Updaterc3
LinuxLinux Kernel Version7.0 Updaterc4
LinuxLinux Kernel Version7.0 Updaterc5
LinuxLinux Kernel Version7.0 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.024
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/10bc4a4dcded509c5d5c67d497900c3922c604cd
Patch
https://git.kernel.org/stable/c/21a10c06ffae24cb01fd174a7ab7736001d2ea56
Patch
https://git.kernel.org/stable/c/8755066f7bd0f4ac46a29d1708c7b20894539252
Patch
https://git.kernel.org/stable/c/70abd9d118da2f56beb4ec22e3a29becae373535
Patch
https://git.kernel.org/stable/c/63276547debc4d8a73eefb2c5273b2a905c961b0
Patch
https://git.kernel.org/stable/c/4f6c99dc0420f1a3d671c1b8ab8a7ac84d9cba09
Patch
https://git.kernel.org/stable/c/b0db1accbc7395657c2b79db59fa9fae0d6656f3
Patch