Improper input validation in Linux kernel - CVE-2026-53092
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to bypass the BPF verifier's safety checks.
The vulnerability exists due to improper input validation in the BPF verifier when processing BPF add or subtract operations where the source and destination register are the same. A local user can load a crafted BPF program to bypass the BPF verifier's safety checks.
The issue stems from incorrect delta tracking for linked registers, which can create a verifier-versus-runtime mismatch.