bpf: Properly mark live registers for indirect jumps

...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: clear the dst when changing skb protocol CVE-2025-38192 In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix possible invalid rdp's-nocbcbkthread pointer access CVE-2025-38704 In...

CVE-2026-43416

A flaw was found in the Linux kernel. A local user can cause a denial of service DoS by triggering a NULL pointer dereference within the perf subsystem. This occurs when the memory management structure current-mm is prematurely released before the system attempts to retrieve the user callchain,...

CVE-2026-43321

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF subsystem. This vulnerability arises from the kernel's failure to correctly identify and mark active registers during indirect jump operations within the BPF program execution. An attacker could potentially exploit this to manipula...

CVE-2026-43306

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF crypto component. A local attacker, by running a specially crafted BPF program, could trigger a type mismatch in function pointers when Control Flow Integrity CFI is enabled. This can lead to a kernel internal error, resulting in a...

EUVD-2026-28605

In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a gotox rX instruction the rX register should be marked as used in the computeinsnliveregs function. Fix this...

CVE-2026-43416

In the Linux kernel, the following vulnerability has been resolved: powerpc, perf: Check that current-mm is alive before getting user callchain It may happen that mm is already released, which leads to kernel panic. This adds the NULL check for current-mm, similarly to commit 20afc60f892d "x86,...

CVE-2026-43321

In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a gotox rX instruction the rX register should be marked as used in the computeinsnliveregs function. Fix this...

UBUNTU-CVE-2026-43321

In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a gotox rX instruction the rX register should be marked as used in the computeinsnliveregs function. Fix this...

CVE-2026-43321 bpf: Properly mark live registers for indirect jumps

In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a gotox rX instruction the rX register should be marked as used in the computeinsnliveregs function. Fix this...

CVE-2026-43321

In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a gotox rX instruction the rX register should be marked as used in the computeinsnliveregs function. Fix this...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability stems from the checkmemaccess function in the BPF module, which matches PTRTOBUF pointers using...

PT-2026-38972

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF verifier where live registers for indirect jumps are not properly marked. Specifically, for a gotox rX instruction, the rX register is not marked as used withi...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from incomplete live register markings in bpf, where the rX register is not marked as being used...

PT-2026-38984

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF subsystem where the check mem access function matches PTR TO BUF via base type, which strips PTR MAYBE NULL. This allows direct dereference of pointers without...

CVE-2026-43070

A flaw was found in the Linux kernel's BPF Berkeley Packet Filter verifier. The verifier fails to correctly reset a register's ID after a BPFEND byte swap operation. This oversight can lead to the verifier incorrectly propagating learned memory bounds to other registers, creating false confidence...

SUSE CVE-2026-43009

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix incorrect pruning due to atomic fetch precision tracking When backtrackinsn encounters a BPFSTX instruction with BPFATOMIC and BPFFETCH, the src register or r0 for BPFCMPXCHG also acts as a destination, thus receiving th...

Poly Clariti Manager – May 2026 Security Update

Multiple potential security vulnerabilities have been identified on Poly Clariti Manager, on-premises management platform. These vulnerabilities are related to Berkeley Internet Name Domain BIND, which is an open-source protocol. HP has released updates to mitigate the potential vulnerabilities. ...

CVE-2026-43070

In the Linux kernel, the following vulnerability has been resolved: bpf: Reset register ID for BPFEND value tracking When a register undergoes a BPFEND byte swap operation, its scalar value is mutated in-place. If this register previously shared a scalar ID with another register e.g., after an r1...

CVE-2026-43070

The CVE describes a Linux kernel BPF verifier flaw: after a BPF_END (byte swap), dst_reg->id is not reset to 0, which can cause the verifier to propagate learned bounds to a linked register, creating a risk of out-of-bounds memory accesses. The concrete impact is potential privilege/escalation...