SB2026032560 - Unchecked Error Condition in Linux kernel arm64 net

Description

This security bulletin contains information about 1 security vulnerability.

1) Unchecked Error Condition (CVE-ID: CVE-2026-23383)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper memory alignment in the BPF JIT compiler when handling 64-bit atomic operations on arm64. A local user can trigger execution of a specially crafted BPF program to cause a torn read of a 64-bit jump target, leading to control flow hijacking and arbitrary code execution.

Exploitation requires the ability to load and execute BPF programs, which is typically available to unprivileged users in modern Linux distributions with CONFIG_BPF_JIT enabled.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/519b1ad91de5bf7a496f2b858e9212db6328e1de
• https://git.kernel.org/stable/c/66959ed481a474eaae278c7f6860a2a9b188a4d6
• https://git.kernel.org/stable/c/80ad264da02cc4aee718e799c2b79f0f834673dc
• https://git.kernel.org/stable/c/ef06fd16d48704eac868441d98d4ef083d8f3d07