CVE-2026-23383

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw related to the BPF JIT allocator. The allocator requests 4-byte alignment for the JIT buffer, but the bpf plt structure contains a 64-bit (u64) target field. This can lead to misaligned access warnings and, more critically, a torn read during concurrent updates to the target field via WRITE ONCE() in bpf arch text poke() while the JIT'd code executes ldr. This occurs because 64-bit loads and stores on arm64 are only guaranteed to be atomic if 64-bit aligned. A misaligned target risks a jump to a corrupted address. The issue stems from failing to ensure the target lands on an 8-byte boundary due to incorrect padding logic in build plt().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.