PT-2026-50928 · Linux · Linux

Published 2026-06-19 · Updated 2026-06-19 · CVE-2026-52910

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A use-after-free issue exists in the Linux kernel BPF reuseport program handling. When a UDP reuseport group uses a cBPF program and that program is replaced or detached via the setsockopt() path (specifically through reuseport_attach_prog() or reuseport_detach_prog()), the function sk_reuseport_prog_free() is called. Because cBPF programs are freed immediately by bpf_release_orig_filter() and bpf_prog_free() without waiting for RCU (Read-Copy-Update) readers to complete, a race condition occurs if another thread is simultaneously sending a UDP packet to the group. This can lead to a vmalloc-out-of-bounds read in the reuseport_select_sock() function.

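As an added illustration (not kernel code, and not the upstream fix, which this page does not describe), the following single-threaded C model replays the interleaving from the description: a lookup holds the program while another thread replaces it, once with an immediate free and once with the free deferred until readers have left. All struct and function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified single-threaded model, not kernel code: all names are hypothetical. */
struct prog { int id; bool freed; };
struct group {
    struct prog *prog;        /* models the group's attached program */
    int readers;              /* lookups currently inside a read-side section */
    struct prog *deferred[4]; /* old programs waiting for readers to finish */
    size_t ndeferred;
};
/* Marks the object instead of calling free() so the model can observe the bug safely. */
static void prog_free(struct prog *p) { p->freed = true; }
static struct prog *reader_enter(struct group *g) { g->readers++; return g->prog; }

static void reader_exit(struct group *g) {
    if (--g->readers > 0) return;
    for (size_t i = 0; i < g->ndeferred; i++) /* grace period over: free now */
        prog_free(g->deferred[i]);
    g->ndeferred = 0;
}

/* Swap in a new program; defer=false models the immediate free described above. */
static void replace_prog(struct group *g, struct prog *next, bool defer) {
    struct prog *old = g->prog;
    g->prog = next;
    if (!old) return;
    if (defer && g->readers > 0) g->deferred[g->ndeferred++] = old;
    else prog_free(old);
}

/* Returns true if the in-flight lookup still holds a program that was freed. */
static bool lookup_sees_freed_prog(bool defer, bool *freed_after_exit) {
    struct prog a = { 1, false }, b = { 2, false };
    struct group g = { .prog = &a };
    struct prog *p = reader_enter(&g); /* sender: lookup picks up program a */
    replace_prog(&g, &b, defer);       /* other thread: setsockopt() swaps it */
    bool stale = p->freed;             /* lookup would now run freed memory */
    reader_exit(&g);
    *freed_after_exit = a.freed;       /* old program must still be reclaimed */
    return stale;
}

int main(void) {
    bool done;
    printf("immediate free: stale=%d\n", lookup_sees_freed_prog(false, &done));
    printf("deferred free:  stale=%d\n", lookup_sees_freed_prog(true, &done));
    return 0;
}
```

In the model, only the deferred variant keeps the old program valid for the lookup that already holds it, while still reclaiming it once that lookup exits.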
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2026-52910

Affected Products

Linux