Impact
The kernel when BPF_ADD_CONST scalars are compared, allowing the verifier to the construction of BPF programs that pass verification while internally referencing mismatched registers, which may cause unintended kernel behavior. The description does not confirm a specific privilege escalation or crash, but a malicious program could potentially exploit the incorrect state pruning to influence kernel execution in a way that is not intended. The impact is a logic flaw that could be leveraged to influence BPF program validation rather than traditional exploits such as code injection.
Affected Systems
All Linux kernel BPF verifier instances potentially affected. The vulnerability is not tied to a specific distribution release or kernel running an unpatched Linux kernel and capable of loading eBPF programs may be impacted. The flaw is relevant to any subsystem that uses the BPF verifier, such as network packet filtering, tracing, or custom eBPF tools.
Risk and Exploitability
The CVSS score of 7.8 indicates a high severity, but the EPSS score of < 1% shows a very low predicted exploitation probability at this time. The vulnerability is not listed in the CISA KEV catalog, indicating no publicly known exploit usage. Attackers would need the ability to load custom BPF programs, which typically requires root or the CAP_SYS_ADMIN capability. A non‑privileged user is unlikely to be able to exploit this flaw unless the system grants BPF loading permissions to untrusted contexts. The likely attack vector is local privileged or specially permitted processes that can inject BPF code.
OpenCVE Enrichment