PT-2026-51970 · Linux · Linux

Publicado

2026-06-24

Atualizado

2026-06-24

CVE-2026-53076

Nenhuma

Não há classificações de severidade ou métricas disponíveis. Quando houver, atualizaremos as informações correspondentes na página.

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix OOB in pcpu init value

An out-of-bounds read occurs when copying element from a BPF MAP TYPE CGROUP STORAGE map to another pcpu map with the same value size that is not rounded up to 8 bytes.

The issue happens when:

A CGROUP STORAGE map is created with value size not aligned to 8 bytes (e.g., 4 bytes)
A pcpu map is created with the same value size (e.g., 4 bytes)
Update element in 2 with data in 1

pcpu init value assumes that all sources are rounded up to 8 bytes, and invokes copy map value long to make a data copy, However, the assumption doesn't stand since there are some cases where the source may not be rounded up to 8 bytes, e.g., CGROUP STORAGE, skb->data. the verifier verifies exactly the size that the source claims, not the size rounded up to 8 bytes by kernel, an OOB happens when the source has only 4 bytes while the copy size(4) is rounded up to 8.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2026-53076

Produtos afetados

Linux

PT-2026-51970 · Linux · Linux

CVE-2026-53076

Identificadores relacionados

Produtos afetados

Referências · 6