SB2026050258 - Always-Incorrect Control Flow Implementation in Linux kernel bpf
Published: May 2, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Always-Incorrect Control Flow Implementation (CVE-ID: CVE-2026-43009)
CWE-ID: CWE-670 - Always-Incorrect Control Flow Implementation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to bypass BPF verifier state tracking.
The vulnerability exists due to improper state management in the BPF verifier backtrack_insn logic when processing BPF atomic fetch instructions. A local user can load a crafted BPF program to bypass BPF verifier state tracking.
The issue occurs because atomic fetch operations are not tracked correctly for precision propagation, which can cause the verifier to incorrectly treat distinct execution states as equivalent and prune branches that should remain separate.
Remediation
Install update from vendor's website.