-
CVE-2026-53106
- EPSS 0.15%
- Veröffentlicht 24.06.2026 16:30:41
- Zuletzt bearbeitet 24.06.2026 17:17:24
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
bpf: Do not allow deleting local storage in NMI
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not allow deleting local storage in NMI Currently, local storage may deadlock when deferring freeing selem or local storage through kfree_rcu(), call_rcu() or call_rcu_tasks_trace() in NMI or reentrant. Since deleting selem in NMI is an unlikely use case, partially mitigate it by returning error when calling from bpf_xxx_storage_delete() helpers in NMI. Note that, it is still possible to deadlock through reentrant. A full mitigation requires returning error when irqs_disabled() is true, which, however is too heavy-handed for bpf_xxx_storage_delete(). The long-term solution requires _nolock versions of call_rcu. Another possible solution is to defer the free through irq_work [0], but it would grow the size of selem, which is non-ideal. The check is only needed in bpf_selem_unlink(), which is used by helpers and syscalls. bpf_selem_unlink_nofail() is fine as it is called during map and owner tear down that never run in NMI or reentrant. [0] https://lore.kernel.org/bpf/20260205190233.912-1-alexei.starovoitov@gmail.com/
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version
a10787e6d58c24b51e91c19c6d16c5da89fcaa4b
Version <
e84acaf936970b5b0be2c93bbf255295ba9406df
Status
affected
Version
a10787e6d58c24b51e91c19c6d16c5da89fcaa4b
Version <
350de5b8a9befaa2a68861c51f671d4f5f751ca5
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
5.13
Status
affected
Version
0
Version <
5.13
Status
unaffected
Version <=
7.0.*
Version
7.0.10
Status
unaffected
Version <=
*
Version
7.1
Status
unaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.041 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|
https://git.kernel.org/stable/c/e84acaf936970b5b0be2c93bbf255295ba9406df
https://git.kernel.org/stable/c/350de5b8a9befaa2a68861c51f671d4f5f751ca5