Impact
The Linux kernel BPF verifier incorrectly calculates register deltas when the same register is used as both source and destination. This causes an incorrect delta to be set and propagated to linked registers, leading to a mismatch between the verifier’s expected register values and the actual runtime state. The mismatch may cause BPF programs to execute with unintended register values, affecting program correctness and stability.
Affected Systems
All Linux kernel releases before commit cc86a8b0a1c54d2bccf6f68cf49b82dea91b84de are vulnerable. The issue resides in the core kernel BPF verifier and is independent of distribution; any system running an unpatched kernel version is affected.
Risk and Exploitability
The CVSS score of 7.8 indicates high severity, and the EPSS score of <1% indicates a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector may involve loading or influencing user‑supplied BPF programs. The lack of known exploitation evidence suggests a low exploitation probability, but the mismatch could still compromise program correctness.
OpenCVE Enrichment