CVE Catalog

CVE-2026-45967

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

1th percentile - higher than 1% of all known CVEs

Summary

A vulnerability in the Linux kernel has been fixed, concerning the map_direct_value_addr() function. This function incorrectly adds an offset to the address, potentially leading to system malfunction.

Risk Assessment

This bug may result in unpredictable system behavior, affecting the stability and security of applications relying on the kernel.

Recommendation

It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and conduct tests to verify the proper functioning of applications.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: bpf: Return proper address for non-zero offsets in insn array The map_direct_value_addr() function of the instruction array map incorrectly adds offset to the resulting address. This is a bug, because later the resolve_pseudo_ldimm64() function adds the offset. Fix it. Corresponding selftests are added in a consequent commit.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS