7.8

CVE-2026-53096

bpf: Use RCU-safe iteration in dev_map_redirect_multi() SKB path

In the Linux kernel, the following vulnerability has been resolved:

bpf: Use RCU-safe iteration in dev_map_redirect_multi() SKB path

The DEVMAP_HASH branch in dev_map_redirect_multi() uses
hlist_for_each_entry_safe() to iterate hash buckets, but this function
runs under RCU protection (called from xdp_do_generic_redirect_map()
in softirq context). Concurrent writers (__dev_map_hash_update_elem,
dev_map_hash_delete_elem) modify the list using RCU primitives
(hlist_add_head_rcu, hlist_del_rcu).

hlist_for_each_entry_safe() performs plain pointer dereferences without
rcu_dereference(), missing the acquire barrier needed to pair with
writers' rcu_assign_pointer(). On weakly-ordered architectures (ARM64,
POWER), a reader can observe a partially-constructed node. It also
defeats CONFIG_PROVE_RCU lockdep validation and KCSAN data-race
detection.

Replace with hlist_for_each_entry_rcu() using rcu_read_lock_bh_held()
as the lockdep condition, consistent with the rcu_dereference_check()
used in the DEVMAP (non-hash) branch of the same functions. Also fix
the same incorrect lockdep_is_held(&dtab->index_lock) condition in
dev_map_enqueue_multi(), where the lock is not held either.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version e624d4ed4aa8cc3c69d1359b0aaea539203ed266
Version < 4a3d0fe30b907ff324b1b49756f7e713d67f3645
Status affected
Version e624d4ed4aa8cc3c69d1359b0aaea539203ed266
Version < b089aa6e94d7a08e74d076a0fe274842dc9feccc
Status affected
Version e624d4ed4aa8cc3c69d1359b0aaea539203ed266
Version < 571a05ea1baaccc0dc1e0d227b2cbc978b96d392
Status affected
Version e624d4ed4aa8cc3c69d1359b0aaea539203ed266
Version < cb2c1f3cf65b855548e1b8d55a08bfbaa5a0901a
Status affected
Version e624d4ed4aa8cc3c69d1359b0aaea539203ed266
Version < d4c4bd231ebad70e6f30db429e9640bf378b2f52
Status affected
Version e624d4ed4aa8cc3c69d1359b0aaea539203ed266
Version < 7027e705062482a8cea43a1c13ede3c35653966f
Status affected
Version e624d4ed4aa8cc3c69d1359b0aaea539203ed266
Version < 8ed82f807bb09d2c8455aaa665f2c6cb17bc6a19
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 5.14
Status affected
Version 0
Version < 5.14
Status unaffected
Version <= 5.15.*
Version 5.15.209
Status unaffected
Version <= 6.1.*
Version 6.1.175
Status unaffected
Version <= 6.6.*
Version 6.6.141
Status unaffected
Version <= 6.12.*
Version 6.12.91
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.031
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/4a3d0fe30b907ff324b1b49756f7e713d67f3645
https://git.kernel.org/stable/c/b089aa6e94d7a08e74d076a0fe274842dc9feccc
https://git.kernel.org/stable/c/571a05ea1baaccc0dc1e0d227b2cbc978b96d392
https://git.kernel.org/stable/c/cb2c1f3cf65b855548e1b8d55a08bfbaa5a0901a
https://git.kernel.org/stable/c/d4c4bd231ebad70e6f30db429e9640bf378b2f52
https://git.kernel.org/stable/c/7027e705062482a8cea43a1c13ede3c35653966f
https://git.kernel.org/stable/c/8ed82f807bb09d2c8455aaa665f2c6cb17bc6a19