Description
In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix regsafe() for pointers to packet

In case rold->reg->range == BEYOND_PKT_END && rcur->reg->range == N
regsafe() may return true which may lead to current state with
valid packet range not being explored. Fix the bug.
Published: 2026-05-01
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability originates in the Linux kernel’s BPF subsystem, where the regsafe() function may incorrectly report a packet pointer as safe when the range condition is beyond the packet end. Based on the description, it is inferred that this flaw is local in scope, affecting only processes that can load BPF programs. This logic error does not directly lead to memory corruption or information disclosure, but it can prevent a BPF program from executing over a valid packet range, potentially causing functional failure or unintended behavior. The weakness is tied to a validation flaw (CWE‑372).

Affected Systems

All Linux kernel releases that include the BPF subsystem before the patch commit are susceptible. The issue is in the core kernel code rather than a vendor‑specific package, so any system running an unpatched kernel is affected.

Risk and Exploitability

The flaw is local and requires the ability to load or execute a BPF program, typically through socket filters or tracepoints. The EPSS score is less than 1% and the vulnerability is not listed in the CISA KEV catalog, indicating a low exploitation probability. The CVSS score of 7.8 reflects high severity for environments that allow arbitrary BPF code to be loaded, but the threat is limited to those contexts. Based on the description, it is inferred that the likely attack vector is local, involving BPF program loading via socket filters or tracepoints.

Generated by OpenCVE AI on May 8, 2026 at 20:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a release that includes the regsafe() fix; refer to the kernel commit to ensure the patch is applied.
  • If a kernel upgrade is unavailable, block BPF program loading by disabling socket filters or removing tracepoints that admit BPF programs; alternatively use a seccomp profile that restricts BPF system calls.
  • Monitor kernel logs for abnormal BPF behavior and consider enabling kernel lockdown or other runtime integrity controls if BPF is not required for normal operation.



Advisories
Source | ID | Title
Debian DLA | DLA-4561-1 | linux-6.1 security update
Debian DSA | DSA-6243-1 | linux security update
History

Fri, 08 May 2026 18:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*

Sun, 03 May 2026 06:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Sat, 02 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Sat, 02 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-372
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Fri, 01 May 2026 23:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Fri, 01 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: bpf: Fix regsafe() for pointers to packet In case rold->reg->range == BEYOND_PKT_END && rcur->reg->range == N regsafe() may return true which may lead to current state with valid packet range not being explored. Fix the bug.
Title bpf: Fix regsafe() for pointers to packet
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-23T16:06:05.739Z

Reserved: 2026-05-01T14:12:55.977Z

Link: CVE-2026-43030

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-01T15:16:47.557

Modified: 2026-05-08T18:36:14.140

Link: CVE-2026-43030

Redhat

Severity: Low

Public Date: 2026-05-01T00:00:00Z

Links: CVE-2026-43030 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-08T20:30:16Z

Weaknesses