-

CVE-2026-53106

bpf: Do not allow deleting local storage in NMI

In the Linux kernel, the following vulnerability has been resolved:

bpf: Do not allow deleting local storage in NMI

Currently, local storage may deadlock when deferring freeing selem or
local storage through kfree_rcu(), call_rcu() or call_rcu_tasks_trace()
in NMI or reentrant. Since deleting selem in NMI is an unlikely use
case, partially mitigate it by returning error when calling from
bpf_xxx_storage_delete() helpers in NMI. Note that, it is still possible
to deadlock through reentrant. A full mitigation requires returning
error when irqs_disabled() is true, which, however is too heavy-handed
for bpf_xxx_storage_delete().

The long-term solution requires _nolock versions of call_rcu. Another
possible solution is to defer the free through irq_work [0], but it
would grow the size of selem, which is non-ideal.

The check is only needed in bpf_selem_unlink(), which is used by helpers
and syscalls. bpf_selem_unlink_nofail() is fine as it is called during
map and owner tear down that never run in NMI or reentrant.

[0] https://lore.kernel.org/bpf/20260205190233.912-1-alexei.starovoitov@gmail.com/
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version a10787e6d58c24b51e91c19c6d16c5da89fcaa4b
Version < e84acaf936970b5b0be2c93bbf255295ba9406df
Status affected
Version a10787e6d58c24b51e91c19c6d16c5da89fcaa4b
Version < 350de5b8a9befaa2a68861c51f671d4f5f751ca5
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 5.13
Status affected
Version 0
Version < 5.13
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.041
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/e84acaf936970b5b0be2c93bbf255295ba9406df
https://git.kernel.org/stable/c/350de5b8a9befaa2a68861c51f671d4f5f751ca5