SB20260424192 - Integer overflow in Linux kernel bpf
Published: April 24, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Integer overflow (CVE-ID: CVE-2026-31525)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to access out-of-bounds map values.
The vulnerability exists due to improper handling of signed integer minimum values in the BPF interpreter's signed 32-bit division and modulo handlers when processing crafted BPF operations that use INT_MIN. A local user can load a crafted BPF program to access out-of-bounds map values.
The issue is caused by a verifier and interpreter mismatch in range tracking for signed 32-bit division and modulo operations.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0d5d8c3ce45c734aaf3c51cbef59155a6746157d
- https://git.kernel.org/stable/c/694ea55f1b1c74f9942d91ec366ae9e822422e42
- https://git.kernel.org/stable/c/9ab1227765c446942f290c83382f0b19887c55cf
- https://git.kernel.org/stable/c/c77b30bd1dcb61f66c640ff7d2757816210c7cb0
- https://git.kernel.org/stable/c/f14ca604c0ff274fba19f73f1f0485c0047c1396