7.1

CVE-2026-53076

bpf: Fix OOB in pcpu_init_value

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix OOB in pcpu_init_value

An out-of-bounds read occurs when copying element from a
BPF_MAP_TYPE_CGROUP_STORAGE map to another pcpu map with the
same value_size that is not rounded up to 8 bytes.

The issue happens when:
1. A CGROUP_STORAGE map is created with value_size not aligned to
   8 bytes (e.g., 4 bytes)
2. A pcpu map is created with the same value_size (e.g., 4 bytes)
3. Update element in 2 with data in 1

pcpu_init_value assumes that all sources are rounded up to 8 bytes,
and invokes copy_map_value_long to make a data copy, However, the
assumption doesn't stand since there are some cases where the source
may not be rounded up to 8 bytes, e.g., CGROUP_STORAGE, skb->data.
the verifier verifies exactly the size that the source claims, not
the size rounded up to 8 bytes by kernel, an OOB happens when the
source has only 4 bytes while the copy size(4) is rounded up to 8.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version d3bec0138bfbe58606fc1d6f57a4cdc1a20218db
Version < e19c5ed9f1922a6854073f8651a63fa7be26e9e9
Status affected
Version d3bec0138bfbe58606fc1d6f57a4cdc1a20218db
Version < e0378419b0e20178b5d100b27c9cc7e51064202e
Status affected
Version d3bec0138bfbe58606fc1d6f57a4cdc1a20218db
Version < 6086079e6d1c32ba4c4b422612b8aebb1129a96c
Status affected
Version d3bec0138bfbe58606fc1d6f57a4cdc1a20218db
Version < 634a793d0e1c822412095d25a1338f8831ad894c
Status affected
Version d3bec0138bfbe58606fc1d6f57a4cdc1a20218db
Version < 576afddfee8d1108ee299bf10f581593540d1a36
Status affected
Version c602ad2b52dcbca5af08e5137bd5575c039b52e3
Status affected
Version ab68b940dd6f7b5f8e2557937162dcb8a0583a05
Status affected
Version 5.4.78
Version < 5.5
Status affected
Version 5.9.9
Version < 5.10
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 5.10
Status affected
Version 0
Version < 5.10
Status unaffected
Version <= 6.6.*
Version 6.6.141
Status unaffected
Version <= 6.12.*
Version 6.12.91
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.019
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/e19c5ed9f1922a6854073f8651a63fa7be26e9e9
https://git.kernel.org/stable/c/e0378419b0e20178b5d100b27c9cc7e51064202e
https://git.kernel.org/stable/c/6086079e6d1c32ba4c4b422612b8aebb1129a96c
https://git.kernel.org/stable/c/634a793d0e1c822412095d25a1338f8831ad894c
https://git.kernel.org/stable/c/576afddfee8d1108ee299bf10f581593540d1a36