Description
In the Linux kernel, the following vulnerability has been resolved:

bpf: Limit bpf program signature size

Practical BPF signatures are significantly smaller than
KMALLOC_MAX_CACHE_SIZE

Allowing larger sizes opens the door for abuse by passing excessive
size values and forcing the kernel into expensive allocation paths (via
kmalloc_large or vmalloc).
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel, BPF signatures can be made arbitrarily large because no size limit exists for the signatures themselves. This allows a user with access to the BPF loader to specify an excessively large size value, forcing the kernel to perform expensive memory allocations via kmalloc_large or vmalloc. The resulting kernel memory consumption can exhaust available memory, trigger out‑of‑memory kills, or degrade system performance, effectively causing a denial of service. The vulnerability stems from unchecked allocation of large BPF signature buffers, exposing the kernel to uncontrolled memory usage.

Affected Systems

All Linux kernel implementations before the application of the patch that limits BPF program signature size are susceptible. The vulnerability is vendor‑agnostic within the Linux ecosystem and applies to every kernel version lacking the commit that introduces the size restriction.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. No CVSS score is provided, but the nature of the bug—a lack of bounds checking that permits kernel memory exhaustion—indicates a high severity risk. Attackers can exploit this by injecting BPF programs with oversized signatures through standard user‑space interfaces, causing the kernel to allocate large memory blocks that may overwhelm system resources or lead to kernel crashes.

Generated by OpenCVE AI on May 27, 2026 at 17:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the upstream kernel patch that limits BPF program signature size (committed in 5835a077c6f5c...), ensuring the kernel code enforces a maximum signature size.
  • Reboot into the updated kernel or reload the affected modules so the new limit becomes active.
  • Validate the restriction by attempting to load a BPF program with a signature larger than the newly imposed maximum; the loader should return an error and refuse to allocate the oversized buffer.

Generated by OpenCVE AI on May 27, 2026 at 17:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 17:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-789

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: bpf: Limit bpf program signature size Practical BPF signatures are significantly smaller than KMALLOC_MAX_CACHE_SIZE Allowing larger sizes opens the door for abuse by passing excessive size values and forcing the kernel into expensive allocation paths (via kmalloc_large or vmalloc).
Title bpf: Limit bpf program signature size
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:18:30.651Z

Reserved: 2026-05-13T15:03:33.089Z

Link: CVE-2026-45971

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:14.073

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-45971

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T17:30:38Z

Weaknesses