CVE-2026-43030 PUBLISHED

bpf: Fix regsafe() for pointers to packet

Assigner: Linux
Reserved: 01.05.2026 Published: 01.05.2026 Updated: 01.05.2026

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix regsafe() for pointers to packet

In case rold->reg->range == BEYOND_PKT_END && rcur->reg->range == N regsafe() may return true which may lead to current state with valid packet range not being explored. Fix the bug.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 95b6ec733752b31bfd166c4609d2c1b5cdde9b47 to b52f6d0ef7b308f9d05bbddb78749852f28e8e40 (excl.) affected from 6d94e741a8ff818e5518da8257f5ca0aaed1f269 to 37db6b9726d0bcf91cbdf9d63b558c50da49f968 (excl.) affected from 6d94e741a8ff818e5518da8257f5ca0aaed1f269 to 015a74476dc1ab6923d89f1ee009aaf43faa7185 (excl.) affected from 6d94e741a8ff818e5518da8257f5ca0aaed1f269 to b99d82706bd1511bb875e3de7154698fd9215c99 (excl.) affected from 6d94e741a8ff818e5518da8257f5ca0aaed1f269 to 7241da033fdc507b920e092dab1f97b945cb0370 (excl.) affected from 6d94e741a8ff818e5518da8257f5ca0aaed1f269 to 8aebe18069394f4a79d2d82080a0f806da449996 (excl.) affected from 6d94e741a8ff818e5518da8257f5ca0aaed1f269 to ca995b1462ec6db1e869100ba1fb7356bd3f22f0 (excl.) affected from 6d94e741a8ff818e5518da8257f5ca0aaed1f269 to a8502a79e832b861e99218cbd2d8f4312d62e225 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 5.11 is affected unaffected from 0 to 5.11 (excl.) unaffected from 5.10.253 to 5.10.* (incl.) unaffected from 5.15.203 to 5.15.* (incl.) unaffected from 6.1.168 to 6.1.* (incl.) unaffected from 6.6.134 to 6.6.* (incl.) unaffected from 6.12.81 to 6.12.* (incl.) unaffected from 6.18.22 to 6.18.* (incl.) unaffected from 6.19.12 to 6.19.* (incl.) unaffected from 7.0 to * (incl.)

CVE-2026-43030 PUBLISHED

bpf: Fix regsafe() for pointers to packet

Product Status

References