2 matches found
CVE-2026-31413
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix unsound scalar forking in maybeforkscalars for BPFOR maybeforkscalars is called for both BPFAND and BPFOR when the source operand is a constant. When dst has signed range -1, 0, it forks the verifier state: the pushed pa...
CVE-2026-31413
CVE-2026-31413 — Linux kernel BPF verifier flaw (CVE-joined info from multiple sources) The issue arises in maybe_fork_scalars() when handling ARSH plus AND/OR with a constant in the BPF verifier. The code forks the verifier state; the pushed path previously used env->insn_idx + 1, so it re-ex...