CVE-2026-45967 PUBLISHED

bpf: Return proper address for non-zero offsets in insn array

Assigner: Linux
Reserved: 13.05.2026 Published: 27.05.2026 Updated: 27.05.2026

In the Linux kernel, the following vulnerability has been resolved:

bpf: Return proper address for non-zero offsets in insn array

The map_direct_value_addr() function of the instruction array map incorrectly adds offset to the resulting address. This is a bug, because later the resolve_pseudo_ldimm64() function adds the offset. Fix it. Corresponding selftests are added in a consequent commit.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 493d9e0d608339a32f568504d5fd411a261bb0af to 73ef43202a37d779a8e665a0acae214fa59df9fb (excl.) affected from 493d9e0d608339a32f568504d5fd411a261bb0af to e3bd7bdf5ffe49d8381e42843f6e98cd0c78a1e8 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 6.19 is affected unaffected from 0 to 6.19 (excl.) unaffected from 6.19.4 to 6.19.* (incl.) unaffected from 7.0 to * (incl.)

CVE-2026-45967 PUBLISHED

bpf: Return proper address for non-zero offsets in insn array

Product Status

References