Impact
The Linux kernel’s BPF JIT compiler for the s390 architecture currently performs only sign‑extension of values, while the ABI requires unsigned values to be zero‑extended. This mismatch can cause BPF programs to read or write incorrect data, which may compromise the integrity of kernel structures or lead to a crash. The impact is not explicitly stated in the advisory; it is inferred from the fact that the flaw exists in kernel-executed code and can alter data passed to or returned from BPF programs.
Affected Systems
Linux kernel installations that run on s390 hardware and support BPF program loading are affected. The advisory does not enumerate specific kernel releases, so any mainline kernel for s390 that lacks the referenced patch may be vulnerable.
Risk and Exploitability
The CVSS score of 7.8 indicates a moderate‑to‑high severity, and the EPSS score of less than 1% suggests a low current exploitation probability. The flaw resides in kernel code, so the attack vector likely requires a user or process with the ability to load BPF programs; local privilege or an application with appropriate capabilities would suffice. The vulnerability is not listed in CISA’s KEV catalog, and no public exploits have been reported yet. Based on the description, exploitation could lead to kernel data corruption or denial of service but the exact path is not detailed.
OpenCVE Enrichment