Description
In the Linux kernel, the following vulnerability has been resolved:

bpf: Limit bpf program signature size

Practical BPF signatures are significantly smaller than
KMALLOC_MAX_CACHE_SIZE

Allowing larger sizes opens the door for abuse by passing excessive
size values and forcing the kernel into expensive allocation paths (via
kmalloc_large or vmalloc).
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel has no imposed limit on the size of BPF program signatures (CWE‑770). An attacker can load a BPF program with an exceptionally large signature bound, forcing the kernel to allocate memory through kmalloc_large or vmalloc. These expensive allocation paths can consume large amounts of kernel memory, leading to performance degradation or triggering out‑of‑memory conditions. The effect is a denial‑of‑service caused by exhausting kernel resources.

Affected Systems

All Linux kernel releases that do not contain the commit adding a signature‑size cap are affected. The vulnerability applies across the entire Linux ecosystem, irrespective of distribution, and impacts every kernel that fails to enforce the bounded signature size.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score is less than 1%, suggesting low but non‑zero likelihood of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker who can load BPF programs—typically local users granted BPF loading privileges—could trigger the oversized allocation path. The attack does not rely on network exposure and may be exercisable from unprivileged user space if BPF capabilities are present.

Generated by OpenCVE AI on June 18, 2026 at 04:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the upstream kernel patch that introduces the BPF signature‑size cap (commit 5835a077c6f5c…), which directly addresses the CWE‑770 weakness by enforcing input validation on signature size.
  • Reboot the system or reload affected kernel modules so that the new constraint takes effect.
  • Configure kernel logs or monitoring to detect attempts to load oversized BPF signatures, ensuring such attempts are denied and recorded.
  • Verify that no custom BPF modules or configurations override the imposed size cap, maintaining the safeguarded limit in practice.

Generated by OpenCVE AI on June 18, 2026 at 04:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Thu, 28 May 2026 04:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-789

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-770
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 27 May 2026 17:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-789

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: bpf: Limit bpf program signature size Practical BPF signatures are significantly smaller than KMALLOC_MAX_CACHE_SIZE Allowing larger sizes opens the door for abuse by passing excessive size values and forcing the kernel into expensive allocation paths (via kmalloc_large or vmalloc).
Title bpf: Limit bpf program signature size
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:18:30.651Z

Reserved: 2026-05-13T15:03:33.089Z

Link: CVE-2026-45971

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T14:17:14.073

Modified: 2026-06-17T10:52:49.380

Link: CVE-2026-45971

cve-icon Redhat

Severity : Low

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45971 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T04:15:15Z

Weaknesses