Description
In the Linux kernel, the following vulnerability has been resolved:

s390/bpf: Zero-extend bpf prog return values and kfunc arguments

s390x ABI requires callers to zero-extend unsigned arguments and
sign-extend signed arguments, and callees to zero-extend unsigned
return values and sign-extend signed return values.

s390 BPF JIT currently implements only sign extension. Fix this
omission and implement zero extension too.
Published: 2026-06-24
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s BPF JIT compiler for the s390 architecture currently performs only sign‑extension of values, while the ABI requires unsigned values to be zero‑extended. This mismatch can cause BPF programs to read or write incorrect data, which may compromise the integrity of kernel structures or lead to a crash. The impact is not explicitly stated in the advisory; it is inferred from the fact that the flaw exists in kernel-executed code and can alter data passed to or returned from BPF programs.

Affected Systems

Linux kernel installations that run on s390 hardware and support BPF program loading are affected. The advisory does not enumerate specific kernel releases, so any mainline kernel for s390 that lacks the referenced patch may be vulnerable.

Risk and Exploitability

The CVSS score of 7.8 indicates a moderate‑to‑high severity, and the EPSS score of less than 1% suggests a low current exploitation probability. The flaw resides in kernel code, so the attack vector likely requires a user or process with the ability to load BPF programs; local privilege or an application with appropriate capabilities would suffice. The vulnerability is not listed in CISA’s KEV catalog, and no public exploits have been reported yet. Based on the description, exploitation could lead to kernel data corruption or denial of service but the exact path is not detailed.

Generated by OpenCVE AI on June 28, 2026 at 14:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel version that contains the zero‑extend patch for s390, which is available in the latest stable releases.
  • If an update is not possible, disable BPF JIT on s390 by turning off CONFIG_BPF_JIT or setting kernel.bpf_jit_disable_hardening to true.
  • Restrict or block BPF program loading on the system by using SELinux, AppArmor, or capabilities, or by removing the CONFIG_BPF_SYSCALL configuration option.

Generated by OpenCVE AI on June 28, 2026 at 14:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Sat, 27 Jun 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-194
CWE-196

Sat, 27 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-681
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


Wed, 24 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-194
CWE-196

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Zero-extend bpf prog return values and kfunc arguments s390x ABI requires callers to zero-extend unsigned arguments and sign-extend signed arguments, and callees to zero-extend unsigned return values and sign-extend signed return values. s390 BPF JIT currently implements only sign extension. Fix this omission and implement zero extension too.
Title s390/bpf: Zero-extend bpf prog return values and kfunc arguments
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-28T06:39:20.484Z

Reserved: 2026-06-09T07:44:35.385Z

Link: CVE-2026-53110

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53110 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T15:00:12Z

Weaknesses
  • CWE-681

    Incorrect Conversion between Numeric Types