Always-Incorrect Control Flow Implementation in Linux kernel - CVE-2026-43009
Published: May 2, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to bypass BPF verifier state tracking.
The vulnerability exists due to improper state management in the BPF verifier backtrack_insn logic when processing BPF atomic fetch instructions. A local user can load a crafted BPF program to bypass BPF verifier state tracking.
The issue occurs because atomic fetch operations are not tracked correctly for precision propagation, which can cause the verifier to incorrectly treat distinct execution states as equivalent and prune branches that should remain separate.
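The pruning error described above can be reproduced in a toy model of precision backtracking; this is an added example, not kernel code and not the upstream fix. The four-opcode instruction set, the single stack slot, the names slot_needs_precision and states_equivalent, and the assumption that the flawed path treats a fetch like a plain store are all illustrative.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model, not kernel code: a few registers and one stack slot. */
enum op { OP_MOV_IMM, OP_LOAD, OP_STORE, OP_ATOMIC_FETCH };
struct insn { enum op op; int reg; }; /* reg: destination, or source for OP_STORE */
/* Constructed history: r1 = 0; r1 = atomic_fetch_add(slot, r1). */
static const struct insn sample_hist[] = { { OP_MOV_IMM, 1 }, { OP_ATOMIC_FETCH, 1 } };

/* Walk the history backwards from a use of `reg` that needs a precise value and
 * report whether the slot's value on entry must be marked precise.
 * track_fetch=false models the flaw (assumption: fetch handled like a store). */
bool slot_needs_precision(const struct insn *hist, size_t n, int reg, bool track_fetch)
{
    unsigned regs = 1u << reg; /* registers whose value must be precise */
    bool slot = false;         /* does the stack slot need to be precise? */
    for (size_t i = n; i-- > 0; ) {
        unsigned bit = 1u << hist[i].reg;
        bool reg_after = (regs & bit) != 0, slot_after = slot;
        switch (hist[i].op) {
        case OP_MOV_IMM:      /* constant: the dependency chain ends here */
            regs &= ~bit;
            break;
        case OP_LOAD:         /* reg = slot */
            if (reg_after) { regs &= ~bit; slot = true; }
            break;
        case OP_STORE:        /* slot = reg */
            if (slot_after) { slot = false; regs |= bit; }
            break;
        case OP_ATOMIC_FETCH: /* reg = old slot; slot = old slot + old reg */
            if (!track_fetch) { if (slot_after) { slot = false; regs |= bit; } break; }
            regs &= ~bit;
            if (reg_after) slot = true;  /* fetched value came from the slot */
            if (slot_after) regs |= bit; /* new slot value depends on old reg */
            break;
        }
    }
    return slot;
}

/* Pruning comparison for the slot: an imprecise scalar matches any value. */
bool states_equivalent(long cached, long current, bool slot_precise)
{ return !slot_precise || cached == current; }

int main(void)
{
    for (int f = 0; f <= 1; f++)
        printf("track_fetch=%d slot_precise=%d\n", f, slot_needs_precision(sample_hist, 2, 1, f));
    return 0;
}
```

With the fetch untracked, the slot is left imprecise, so two states whose slot values differ compare as equivalent and the second path is pruned without being verified.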