CVE-2026-45838

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the cgroup storage get next key() function within the bpf subsystem. The list next entry() function does not return NULL; instead, when the current element is the last entry, it wraps to the list head via container of(). This causes the subsequent NULL check to be ineffective, preventing the function from returning -ENOENT for the last element. Consequently, the system reads storage->key from an invalid pointer that aliases internal map fields and copies that data to userspace.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.