CVE-2026-45967
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk1th percentile - higher than 1% of all known CVEs
Summary
A vulnerability in the Linux kernel has been fixed, concerning the map_direct_value_addr() function. This function incorrectly adds an offset to the address, potentially leading to system malfunction.
Risk Assessment
This bug may result in unpredictable system behavior, affecting the stability and security of applications relying on the kernel.
Recommendation
It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and conduct tests to verify the proper functioning of applications.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: bpf: Return proper address for non-zero offsets in insn array The map_direct_value_addr() function of the instruction array map incorrectly adds offset to the resulting address. This is a bug, because later the resolve_pseudo_ldimm64() function adds the offset. Fix it. Corresponding selftests are added in a consequent commit.

