Description
In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix regsafe() for pointers to packet

In case rold->reg->range == BEYOND_PKT_END && rcur->reg->range == N
regsafe() may return true which may lead to current state with
valid packet range not being explored. Fix the bug.
Published: 2026-05-01
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel’s BPF subsystem, the function regsafe() incorrectly reports a packet pointer as safe when it points beyond the end of a packet. This logic error can cause BPF programs to operate on memory ranges that have not been properly validated, potentially allowing a malicious program to read or write outside the intended packet boundaries. The result is an unintended kernel memory disclosure or corruption that can be leveraged to compromise system integrity or confidentiality.

Affected Systems

All Linux kernel distributions are impacted, as the issue is present in the core kernel code. No specific version range is listed in the advisory; users should update to any kernel release that incorporates the commit referenced in the kernel git history.

Risk and Exploitability

The vulnerability is a local flaw that requires the execution of a BPF program, typically delivered through a socket filter or tracing interface. No public exploit has been documented, and the EPSS score is not available, implying limited known exploitation. However, because the flaw can lead to kernel memory corruption, the potential impact is high. The CVSS score is not provided, but the nature of the bug indicates a high severity risk for systems that allow untrusted BPF program execution. The lack of a KEV listing suggests that it has not yet been targeted in known exploit campaigns.

Generated by OpenCVE AI on May 1, 2026 at 23:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • 1. Update the Linux kernel to the latest stable release that includes the regsafe() fix (see kernel commit history for resolution).
  • 2. If an immediate kernel update is not possible, deny or restrict BPF program loading by disabling socket filters or applying seccomp policies to limit BPF capabilities.
  • 3. Monitor system logs for anomalous BPF behavior and consider additional hardening such as kernel lockdown or runtime integrity checks.

Generated by OpenCVE AI on May 1, 2026 at 23:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4561-1 linux-6.1 security update
Debian DSA Debian DSA DSA-6243-1 linux security update
History

Sat, 02 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-372
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Fri, 01 May 2026 23:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Fri, 01 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: bpf: Fix regsafe() for pointers to packet In case rold->reg->range == BEYOND_PKT_END && rcur->reg->range == N regsafe() may return true which may lead to current state with valid packet range not being explored. Fix the bug.
Title bpf: Fix regsafe() for pointers to packet
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-01T14:15:30.564Z

Reserved: 2026-05-01T14:12:55.977Z

Link: CVE-2026-43030

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-01T15:16:47.557

Modified: 2026-05-01T15:24:14.893

Link: CVE-2026-43030

cve-icon Redhat

Severity : Low

Publid Date: 2026-05-01T00:00:00Z

Links: CVE-2026-43030 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T23:15:29Z

Weaknesses