-

CVE-2026-53095

bpf: Fix abuse of kprobe_write_ctx via freplace

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix abuse of kprobe_write_ctx via freplace

uprobe programs are allowed to modify struct pt_regs.

Since the actual program type of uprobe is KPROBE, it can be abused to
modify struct pt_regs via kprobe+freplace when the kprobe attaches to
kernel functions.

For example,

SEC("?kprobe")
int kprobe(struct pt_regs *regs)
{
	return 0;
}

SEC("?freplace")
int freplace_kprobe(struct pt_regs *regs)
{
	regs->di = 0;
	return 0;
}

freplace_kprobe prog will attach to kprobe prog.
kprobe prog will attach to a kernel function.

Without this patch, when the kernel function runs, its first arg will
always be set as 0 via the freplace_kprobe prog.

To fix the abuse of kprobe_write_ctx=true via kprobe+freplace, disallow
attaching freplace programs on kprobe programs with different
kprobe_write_ctx values.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version 7384893d970ea114952aef54ad7e3d7d2ca82d4f
Version < b312cf41b9e43f442613053f6cad39898e1baf96
Status affected
Version 7384893d970ea114952aef54ad7e3d7d2ca82d4f
Version < 9836cadbd96c7e0dbb0018fa60e7872dd31ac4f8
Status affected
Version 7384893d970ea114952aef54ad7e3d7d2ca82d4f
Version < 611fe4b79af72d00d80f2223354284447daafae9
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 6.18
Status affected
Version 0
Version < 6.18
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.061
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/b312cf41b9e43f442613053f6cad39898e1baf96
https://git.kernel.org/stable/c/9836cadbd96c7e0dbb0018fa60e7872dd31ac4f8
https://git.kernel.org/stable/c/611fe4b79af72d00d80f2223354284447daafae9