7.8
CVE-2026-53090
- EPSS 0.12%
- Veröffentlicht 24.06.2026 16:30:29
- Zuletzt bearbeitet 06.07.2026 13:17:04
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
bpf: Fix ld_{abs,ind} failure path analysis in subprogs
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix ld_{abs,ind} failure path analysis in subprogs
Usage of ld_{abs,ind} instructions got extended into subprogs some time
ago via commit 09b28d76eac4 ("bpf: Add abnormal return checks."). These
are only allowed in subprograms when the latter are BTF annotated and
have scalar return types.
The code generator in bpf_gen_ld_abs() has an abnormal exit path (r0=0 +
exit) from legacy cBPF times. While the enforcement is on scalar return
types, the verifier must also simulate the path of abnormal exit if the
packet data load via ld_{abs,ind} failed.
This is currently not the case. Fix it by having the verifier simulate
both success and failure paths, and extend it in similar ways as we do
for tail calls. The success path (r0=unknown, continue to next insn) is
pushed onto stack for later validation and the r0=0 and return to the
caller is done on the fall-through side.Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 10
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 6
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 7
Default Statusunaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.025 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 6.4 | 0.5 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-253 Incorrect Check of Function Return Value
The product incorrectly checks a return value from a function, which prevents it from detecting errors or exceptional conditions.
https://git.kernel.org/stable/c/d846d83bdacbd8f14fc45c63b8c1d22608452e1c
https://git.kernel.org/stable/c/ee861486e377edc55361c08dcbceab3f6b6577bd
https://access.redhat.com/security/cve/CVE-2026-53090
https://bugzilla.redhat.com/show_bug.cgi?id=2492305
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53090.json