-

CVE-2026-53084

bpf: return VMA snapshot from task_vma iterator

In the Linux kernel, the following vulnerability has been resolved:

bpf: return VMA snapshot from task_vma iterator

Holding the per-VMA lock across the BPF program body creates a lock
ordering problem when helpers acquire locks that depend on mmap_lock:

  vm_lock -> i_rwsem -> mmap_lock -> vm_lock

Snapshot the VMA under the per-VMA lock in _next() via memcpy(), then
drop the lock before returning. The BPF program accesses only the
snapshot.

The verifier only trusts vm_mm and vm_file pointers (see
BTF_TYPE_SAFE_TRUSTED_OR_NULL in verifier.c). vm_file is reference-
counted with get_file() under the lock and released via fput() on the
next iteration or in _destroy(). vm_mm is already correct because
lock_vma_under_rcu() verifies vma->vm_mm == mm. All other pointers
are left as-is by memcpy() since the verifier treats them as untrusted.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version 4ac4546821584736798aaa9e97da9f6eaf689ea3
Version < 83b8802c034e843b83a3e1ef6f30cdd4e9ec291c
Status affected
Version 4ac4546821584736798aaa9e97da9f6eaf689ea3
Version < 592226d138378601ae28eb890e2bbc23ec3600f7
Status affected
Version 4ac4546821584736798aaa9e97da9f6eaf689ea3
Version < 13860ca37b8df0b856ee1ce3bdbd7c327d5f53e8
Status affected
Version 4ac4546821584736798aaa9e97da9f6eaf689ea3
Version < 4cbee026db54cad39c39db4d356100cb133412b3
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 6.7
Status affected
Version 0
Version < 6.7
Status unaffected
Version <= 6.12.*
Version 6.12.91
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.051
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/83b8802c034e843b83a3e1ef6f30cdd4e9ec291c
https://git.kernel.org/stable/c/592226d138378601ae28eb890e2bbc23ec3600f7
https://git.kernel.org/stable/c/13860ca37b8df0b856ee1ce3bdbd7c327d5f53e8
https://git.kernel.org/stable/c/4cbee026db54cad39c39db4d356100cb133412b3