Impact
In the Linux kernel, the verifier for eBPF programs incorrectly handles failure paths for the ld_abs and ld_ind instructions within subprograms. When these load operations fail, the verifier no longer simulates the erroneous exit path, potentially allowing malicious BPF code to slip through verification and access or modify memory that should be protected. This flaw represents a failure to handle an error condition correctly and is a manifestation of the CWE-253 weakness of Incorrect Verification of a Condition, which could lead to kernel memory corruption or privilege escalation if an attacker injects a crafted BPF program.
Affected Systems
Any Linux kernel instance running a version prior to the commit that introduced the fix (the patch referenced in the advisory) is susceptible. Because no specific version range is listed, all older kernel releases may be affected until the update is applied.
Risk and Exploitability
Based on the description, it is inferred that the attack vector is an attacker capable of loading eBPF programs—such as a privileged user or a compromised application—who could craft a subprogram that exploits the missing error path simulation. The CVSS score of 7.8 indicates moderate to high severity. The EPSS score is < 1%, indicating a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog, so no active known exploits have been reported. This flaw is a CWE-253 Incorrect Verification of a Condition error, suggesting that such an attacker could potentially bypass security checks and gain kernel-level access. The exact likelihood of exploitation depends on the attacker’s ability to inject BPF code; no public exploit code is known at this time.
OpenCVE Enrichment