SB2026050258 - Always-Incorrect Control Flow Implementation in Linux kernel bpf



SB2026050258 - Always-Incorrect Control Flow Implementation in Linux kernel bpf

Published: May 2, 2026

Security Bulletin ID SB2026050258
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Always-Incorrect Control Flow Implementation (CVE-ID: CVE-2026-43009)

CWE-ID: CWE-670 - Always-Incorrect Control Flow Implementation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to bypass BPF verifier state tracking.

The vulnerability exists due to improper state management in the BPF verifier backtrack_insn logic when processing BPF atomic fetch instructions. A local user can load a crafted BPF program to bypass BPF verifier state tracking.

The issue occurs because atomic fetch operations are not tracked correctly for precision propagation, which can cause the verifier to incorrectly treat distinct execution states as equivalent and prune branches that should remain separate.


Remediation

Install update from vendor's website.