CVE-2026-45927
MediumCVSS 4.7Exploitation Probability (EPSS)
Low risk7th percentile - higher than 7% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel's BPF mechanism, allowing the hash of a map to be calculated and cached regardless of its frozen state. This can lead to a TOCTOU bug where a user can modify the map's contents before freezing it.
Risk Assessment
Organizations may be exposed to attacks where a trusted loader verifies a stale hash, potentially leading to the loading of modified data.
Recommendation
It is recommended to update the Linux kernel to ensure that the map's hash is generated only for the final, immutable state of the map. Additionally, access to BPF functions should be monitored and controlled.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: bpf: Require frozen map for calculating map hash Currently, bpf_map_get_info_by_fd calculates and caches the hash of the map regardless of the map's frozen state. This leads to a TOCTOU bug where userspace can call BPF_OBJ_GET_INFO_BY_FD to cache the hash and then modify the map contents before freezing. Therefore, a trusted loader can be tricked into verifying the stale hash while loading the modified contents. Fix this by returning -EPERM if the map is not frozen when the hash is requested. This ensures the hash is only generated for the final, immutable state of the map.

