SB2026062564 - Improper input validation in Linux kernel bpf
Published: June 25, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper input validation (CVE-ID: CVE-2026-53092)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to bypass the BPF verifier's safety checks.
The vulnerability exists due to improper input validation in the BPF verifier when processing BPF add or subtract operations where the source and destination register are the same. A local user can load a crafted BPF program to bypass the BPF verifier's safety checks.
The issue stems from incorrect delta tracking for linked registers, which can create a verifier-versus-runtime mismatch.
Remediation
Install update from vendor's website.