
Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Return proper address for non-zero offsets in insn array

The map_direct_value_addr() function of the instruction array map incorrectly adds offset to the resulting address. This is a bug, because later the resolve_pseudo_ldimm64() function adds the offset. Fix it.

Corresponding selftests are added in a consequent commit.

PUBLISHED Reserved 2026-05-13 | Published 2026-05-27 | Updated 2026-05-27 | Assigner Linux

Product status

Default status: unaffected

493d9e0d608339a32f568504d5fd411a261bb0af (git) before 73ef43202a37d779a8e665a0acae214fa59df9fb: affected
493d9e0d608339a32f568504d5fd411a261bb0af (git) before e3bd7bdf5ffe49d8381e42843f6e98cd0c78a1e8: affected

Default status: affected

6.19: affected
Any version before 6.19: unaffected
6.19.4 (semver): unaffected
7.0 (original_commit_for_fix): unaffected

References

git.kernel.org/...c/73ef43202a37d779a8e665a0acae214fa59df9fb

git.kernel.org/...c/e3bd7bdf5ffe49d8381e42843f6e98cd0c78a1e8

cve.org (CVE-2026-45967)

nvd.nist.gov (CVE-2026-45967)
