Description
In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix a potential use-after-free of BTF object

Refcounting in the check_pseudo_btf_id() function is incorrect:
the __check_pseudo_btf_id() function might get called with a zero
refcounted btf. Fix this, and patch related code accordingly.

v3: rephrase a comment (AI)
v2: fix a refcount leak introduced in v1 (AI)
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability originates in the Linux kernel's BPF subsystem, where the __check_pseudo_btf_id() function incorrectly handles reference counting for BTF objects. This oversight can lead to a use-after-free condition, allowing an attacker to read or write memory after a BTF object has been freed. The flaw is a classic example of a use-after-free bug (CWE‑416). If exploited, it could compromise kernel memory integrity, potentially enabling arbitrary code execution with elevated privileges.

Affected Systems

This issue affects any Linux installation that includes the kernel version prior to the fix present in the latest commit history (referenced in the provided Git links). No specific kernel version is listed in the CVE entry; therefore all kernels that have not yet applied the fix are potentially impacted.

Risk and Exploitability

The CVSS score is not provided, yet the nature of the flaw suggests high severity. The EPSS score is unavailable, so the current exploitation probability cannot be quantified, and the vulnerability is not cataloged in CISA’s KEV. Attackers would need the ability to load BPF programs or otherwise invoke the flawed path to trigger the use-after-free, but no explicit exploitation chain is detailed in the CVE description.

Generated by OpenCVE AI on May 27, 2026 at 17:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the patch referenced in the provided Git commits.
  • Reboot the system after the kernel upgrade to ensure the new kernel is running.
  • If BPF is not required, consider disabling it to reduce the attack surface until a patch is applied.

Generated by OpenCVE AI on May 27, 2026 at 17:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 17:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free of BTF object Refcounting in the check_pseudo_btf_id() function is incorrect: the __check_pseudo_btf_id() function might get called with a zero refcounted btf. Fix this, and patch related code accordingly. v3: rephrase a comment (AI) v2: fix a refcount leak introduced in v1 (AI)
Title bpf: Fix a potential use-after-free of BTF object
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:18:07.255Z

Reserved: 2026-05-13T15:03:33.088Z

Link: CVE-2026-45951

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:11.613

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-45951

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T17:30:38Z

Weaknesses