Description
In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix a potential use-after-free of BTF object

Refcounting in the check_pseudo_btf_id() function is incorrect:
the __check_pseudo_btf_id() function might get called with a zero
refcounted btf. Fix this, and patch related code accordingly.

v3: rephrase a comment (AI)
v2: fix a refcount leak introduced in v1 (AI)
Published: 2026-05-27
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability originates in the Linux kernel's BPF subsystem, where the __check_pseudo_btf_id() function incorrectly handles reference counting for BTF objects. This oversight can lead to a use-after-free condition, allowing an attacker to read or write memory after a BTF object has been freed. The flaw is a classic example of a use-after-free bug (CWE‑416). If exploited, it could compromise kernel memory integrity, potentially enabling arbitrary code execution with elevated privileges.

Affected Systems

This issue affects any Linux installation that includes the kernel version prior to the fix present in the latest commit history (referenced in the provided Git links). No specific kernel version is listed in the CVE entry; therefore all kernels that have not yet applied the fix are potentially impacted.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. The EPSS score is < 1%, which suggests a low but non‑zero likelihood of exploitation. The vulnerability is not cataloged in CISA’s KEV. Attackers would need the ability to load BPF programs or otherwise invoke the flawed path to trigger the use‑after‑free, but no explicit exploitation chain is detailed in the CVE description.

Generated by OpenCVE AI on May 30, 2026 at 12:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the patch referenced in the provided Git commits.
  • Reboot the system after the kernel upgrade to ensure the new kernel is running.
  • If BPF is not required, consider disabling it to reduce the attack surface until a patch is applied.

Generated by OpenCVE AI on May 30, 2026 at 12:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 30 May 2026 11:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Thu, 28 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-911
References
Metrics threat_severity

None

 cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Wed, 27 May 2026 17:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free of BTF object Refcounting in the check_pseudo_btf_id() function is incorrect: the __check_pseudo_btf_id() function might get called with a zero refcounted btf. Fix this, and patch related code accordingly. v3: rephrase a comment (AI) v2: fix a refcount leak introduced in v1 (AI)
Title bpf: Fix a potential use-after-free of BTF object
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-30T10:46:12.863Z

Reserved: 2026-05-13T15:03:33.088Z

Link: CVE-2026-45951

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T14:17:11.613

Modified: 2026-06-16T02:34:35.307

Link: CVE-2026-45951

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45951 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-30T13:00:12Z

Weaknesses