SB2026062586 - Out-of-bounds read in Linux kernel bpf

Published: June 25, 2026

Security Bulletin ID SB2026062586
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Information disclosure

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Out-of-bounds read (CVE-ID: CVE-2026-53076)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to an out-of-bounds read in pcpu_init_value in the BPF hashtab implementation when copying an element from a BPF_MAP_TYPE_CGROUP_STORAGE map to another per-cpu map with the same non-8-byte-aligned value_size. A local user can update the destination map with data from the crafted source map to disclose sensitive information.

The issue occurs when the source map value size is not rounded up to 8 bytes, causing a copy operation to read past the claimed source size.
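As an added illustration (not the kernel's code or the bulletin's own content), a C model of the size mismatch described above: each per-cpu slot holds value_size rounded up to 8 bytes, so copying that rounded length from a source element that only guarantees value_size bytes reads past it; the hardened copy reads only the claimed bytes and zero-fills the padding. NR_CPUS, round_up8, percpu_copy_value and check_model are assumed names for this model, and the 12-byte input is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NR_CPUS 4  /* assumed: number of per-cpu slots in the model */

static size_t round_up8(size_t n) { return (n + 7) & ~(size_t)7; }

/* Unsafe pattern: the copy length is the rounded-up slot size, although
 * the source only guarantees value_size bytes (12 -> reads 16). */
static size_t percpu_copy_len_unchecked(size_t value_size) {
    return round_up8(value_size);
}

/* Hardened copy: fan the element out to every per-cpu slot, but never
 * read more than value_size (bounded by src_len) from the source and
 * zero the padding so no stale slot bytes survive.
 * Returns bytes read from src, or -1 on a size mismatch. */
static int percpu_copy_value(uint8_t *dst, size_t dst_len,
                             const uint8_t *src, size_t src_len,
                             size_t value_size) {
    size_t slot = round_up8(value_size);
    if (value_size == 0 || value_size > src_len || slot * NR_CPUS > dst_len)
        return -1;
    for (int cpu = 0; cpu < NR_CPUS; cpu++) {
        uint8_t *d = dst + (size_t)cpu * slot;
        memcpy(d, src, value_size);                    /* claimed bytes only */
        memset(d + value_size, 0, slot - value_size);  /* padding, not stale */
    }
    return (int)value_size;
}

/* Constructed input: a 12-byte value (not 8-byte aligned). Returns 1 if the
 * hardened copy fills every slot correctly and rejects a too-short source. */
static int check_model(void) {
    uint8_t src[12];
    uint8_t dst[NR_CPUS * 16];
    for (size_t i = 0; i < sizeof src; i++) src[i] = (uint8_t)(0xA0 + i);
    memset(dst, 0xFF, sizeof dst);  /* simulate stale data in the slots */
    if (percpu_copy_value(dst, sizeof dst, src, sizeof src, 12) != 12) return 0;
    for (int cpu = 0; cpu < NR_CPUS; cpu++) {
        const uint8_t *d = dst + cpu * 16;
        if (memcmp(d, src, 12) != 0) return 0;
        for (int i = 12; i < 16; i++) if (d[i] != 0) return 0;
    }
    /* a source shorter than the claimed value_size must be refused */
    return percpu_copy_value(dst, sizeof dst, src, 8, 12) == -1;
}
```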


Remediation

Install the update from the vendor's website.