CVE-2026-45903

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix memory access flags in helper prototypes

After commit 37cce22dbd51 ("bpf: verifier: Refactor helper access type tracking"), the verifier started relying on the access type flags in helper function prototypes to perform memory access optimizations.

Currently, several helper functions utilizing ARG PTR TO MEM lack the corresponding MEM RDONLY or MEM WRITE flags. This omission causes the verifier to incorrectly assume that the buffer contents are unchanged across the helper call. Consequently, the verifier may optimize away subsequent reads based on this wrong assumption, leading to correctness issues.

For bpf get stack proto raw tp, the original MEM RDONLY was incorrect since the helper writes to the buffer. Change it to ARG PTR TO UNINIT MEM which correctly indicates write access to potentially uninitialized memory.

Similar issues were recently addressed for specific helpers in commit ac44dcc788b9 ("bpf: Fix verifier assumptions of bpf d path's output buffer") and commit 2eb7648558a7 ("bpf: Specify access type of bpf sysctl get name args").

Fix these prototypes by adding the correct memory access flags.