Improper access control in Linux kernel - CVE-2026-53081

 


Published: June 25, 2026


Vulnerability identifier: #VU135223
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-53081
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to bypass BPF verifier state pruning checks.

The vulnerability exists due to improper access control in the BPF verifier when comparing scalar registers carrying BPF_ADD_CONST state. A local user can load a specially crafted BPF program to bypass BPF verifier state pruning checks.

The issue occurs because compound scalar IDs are checked without ensuring consistent mapping of their underlying base IDs.


How to mitigate CVE-2026-53081

Install the security update from the vendor's repository.
