PT-2026-51970 · Linux · Linux
Published
2026-06-24
·
Updated
2026-06-24
·
CVE-2026-53076
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix OOB in pcpu init value
An out-of-bounds read occurs when copying element from a
BPF MAP TYPE CGROUP STORAGE map to another pcpu map with the
same value size that is not rounded up to 8 bytes.
The issue happens when:
- A CGROUP STORAGE map is created with value size not aligned to 8 bytes (e.g., 4 bytes)
- A pcpu map is created with the same value size (e.g., 4 bytes)
- Update element in 2 with data in 1
pcpu init value assumes that all sources are rounded up to 8 bytes,
and invokes copy map value long to make a data copy, However, the
assumption doesn't stand since there are some cases where the source
may not be rounded up to 8 bytes, e.g., CGROUP STORAGE, skb->data.
the verifier verifies exactly the size that the source claims, not
the size rounded up to 8 bytes by kernel, an OOB happens when the
source has only 4 bytes while the copy size(4) is rounded up to 8.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linux