CVE-2026-43306
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: crypto: Use the correct destructor kfunc type
With CONFIG_CFI enabled, the kernel strictly enforces that indirect function calls use a function pointer type that matches the target function. I ran into the following type mismatch when running BPF self-tests:
CFI failure at bpf_obj_free_fields+0x190/0x238 (target: bpf_crypto_ctx_release+0x0/0x94; expected type: 0xa488ebfc) Internal error: Oops - CFI: 00000000f2008228 [#1] SMP …
As bpf_crypto_ctx_release() is also used in BPF programs and using a void pointer as the argument would make the verifier unhappy, add a simple stub function with the correct type and register it as the destructor kfunc instead.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 3e1c6f35409f9e447bf37f64840f5b65576bfb78 < 4e3e57dbf46dad3498f8c4219ce2dba756875962 | affected |
| Linux | Linux | 3e1c6f35409f9e447bf37f64840f5b65576bfb78 < 50d6fd69388cc7b05dce72f09080674dcede4ac9 | affected |
| Linux | Linux | 3e1c6f35409f9e447bf37f64840f5b65576bfb78 < 3979a550fe06b370d73647f59cf462fa525c9ec4 | affected |
| Linux | Linux | 3e1c6f35409f9e447bf37f64840f5b65576bfb78 < b40a5d724f29fc2eed23ff353808a9aae616b48a | affected |
| Linux | Linux | 6.10 | affected |
| Linux | Linux | 0 < 6.10 | unaffected |
| Linux | Linux | 6.12.75 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.16 <= 6.18.* | unaffected |
| Linux | Linux | 6.19.6 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/4e3e57dbf46dad3498f8c4219ce2dba756875962
- https://git.kernel.org/stable/c/50d6fd69388cc7b05dce72f09080674dcede4ac9
- https://git.kernel.org/stable/c/3979a550fe06b370d73647f59cf462fa525c9ec4
- https://git.kernel.org/stable/c/b40a5d724f29fc2eed23ff353808a9aae616b48a
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.