Description
In the Linux kernel, the following vulnerability has been resolved:

bpf: Validate node_id in arena_alloc_pages()

arena_alloc_pages() accepts a plain int node_id and forwards it through
the entire allocation chain without any bounds checking.

Validate node_id before passing it down the allocation chain in
arena_alloc_pages().
Published: 2026-06-24
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Linux kernel's BPF subsystem allows an integer node_id to be passed to arena_alloc_pages without bounds checking. The lack of validation can cause the kernel to request memory from a non‑existent NUMA node or to index memory buffers incorrectly, potentially leading to kernel memory corruption, crashes, or denial of service. In configurations that permit user‑space loading of BPF programs, a local attacker may be able to exploit this defect to execute code in kernel context or elevate privileges, but the description does not confirm a guaranteed code‑execution path.

Affected Systems

The vulnerability is present in all Linux kernel releases that lack the node_id validation patch. Any distribution shipping an unpatched kernel is susceptible until the update is applied. Specific distro names or kernel versions are not listed in the advisory, so all vulnerable kernels must be treated as affected.

Risk and Exploitability

The CVSS score of 7.8 classifies the issue as high severity. The EPSS score of less than 1% indicates a very low likelihood of exploitation at the present time. The vulnerability is not listed in the CISA KEV catalog, suggesting no widespread public exploits are known. The exploitation path requires a local attacker that can load BPF programs—typically a privileged operation, though it can be extended to other users depending on kernel configuration and system privileges.

Generated by OpenCVE AI on June 28, 2026 at 13:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a version that contains the node_id bounds‑checking patch.
  • If an immediate update is not possible, consider disabling or limiting BPF program loading by removing CONFIG_BPF from the kernel configuration or setting appropriate sysctl limits.
  • Apply any vendor‑specific backports or security updates that address the node_id validation issue as they become available.

Generated by OpenCVE AI on June 28, 2026 at 13:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Fri, 26 Jun 2026 03:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Fri, 26 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-839
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


Wed, 24 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: bpf: Validate node_id in arena_alloc_pages() arena_alloc_pages() accepts a plain int node_id and forwards it through the entire allocation chain without any bounds checking. Validate node_id before passing it down the allocation chain in arena_alloc_pages().
Title bpf: Validate node_id in arena_alloc_pages()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-28T06:38:17.067Z

Reserved: 2026-06-09T07:44:35.380Z

Link: CVE-2026-53031

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53031 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T13:45:06Z

Weaknesses
  • CWE-839

    Numeric Range Comparison Without Minimum Check