Off-by-one in Linux kernel - CVE-2026-53036
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to an off-by-one error in the arm64 BPF JIT immediate range check in check_imm() when validating branch displacement values for encoded BPF branch instructions. A local user can supply a crafted branch displacement value to cause a denial of service.
Because the raw value is masked into the signed immediate field, an out-of-range displacement accepted by the check can flip a forward branch into a backward one.
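The boundary case described above, as an added example: a simplified user-space model, not the kernel's check_imm() or code from the commits listed under Sources. It assumes the flawed check tests one magnitude bit too many and uses 19 bits, the width of the A64 conditional-branch immediate; all function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* Mask a displacement into a `bits`-wide instruction field (raw encode). */
static uint32_t encode_simm(int bits, int32_t imm)
{
    return (uint32_t)imm & ((1u << bits) - 1);
}

/* Sign-extend the field the way the CPU decodes a signed immediate. */
static int32_t decode_simm(int bits, uint32_t field)
{
    uint32_t sign = 1u << (bits - 1);

    field &= (1u << bits) - 1;
    return (int32_t)((field ^ sign) - sign);
}

/* Assumed form of the flaw: tests `bits` magnitude bits, so it accepts
 * [-2^bits, 2^bits - 1], more than the signed field can represent. */
static int fits_loose(int bits, int32_t imm)
{
    return imm >= 0 ? (imm >> bits) == 0 : (~imm >> bits) == 0;
}

/* Strict check: one bit is the sign, leaving bits - 1 magnitude bits,
 * i.e. [-2^(bits-1), 2^(bits-1) - 1]. */
static int fits_strict(int bits, int32_t imm)
{
    return imm >= 0 ? (imm >> (bits - 1)) == 0 : (~imm >> (bits - 1)) == 0;
}

int main(void)
{
    const int bits = 19;                  /* A64 B.cond immediate width */
    const int32_t disp = 1 << (bits - 1); /* first out-of-range forward value */

    printf("disp=%d loose=%d strict=%d decoded=%d\n", disp,
           fits_loose(bits, disp), fits_strict(bits, disp),
           decode_simm(bits, encode_simm(bits, disp)));
    return 0;
}
```

The largest in-range forward value round-trips unchanged, while the next value up passes the loose check and decodes as the most negative displacement the field can hold.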
How to mitigate CVE-2026-53036
Sources
- https://git.kernel.org/stable/c/1a113b5497297871699cd498b1b83542e0db7f15
- https://git.kernel.org/stable/c/1dd8be4ec722ce54e4cace59f3a4ba658111b3ec
- https://git.kernel.org/stable/c/6927f0d6794aa73318bbfa929f1ff6065b0620df
- https://git.kernel.org/stable/c/7fd3b41260c6120e7b60164afea5d961af6224f9
- https://git.kernel.org/stable/c/a5dfeb3b61065039488342d43ae06d4729d955d4
- https://git.kernel.org/stable/c/fb74defa1cca1a73177c0c761e641332e4f979a3