CVE-2026-45951

Summary

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix a potential use-after-free of BTF object

Refcounting in the check_pseudo_btf_id() function is incorrect: the __check_pseudo_btf_id() function might get called with a zero refcounted btf. Fix this, and patch related code accordingly.

v3: rephrase a comment (AI) v2: fix a refcount leak introduced in v1 (AI)

Affected Software

VendorProductVersion RangeStatus
LinuxLinux76145f7255326761dafb76721a785799d8a00d5f < eac65c272f3b49021a843cba5107d63627395e0eaffected
LinuxLinux76145f7255326761dafb76721a785799d8a00d5f < 9ff46ffeecdb1802d6e26183177935b948a12e7faffected
LinuxLinux76145f7255326761dafb76721a785799d8a00d5f < ccd2d799ed4467c07f5ee18c2f5c59bcc990822caffected
LinuxLinux6.14affected
LinuxLinux0 < 6.14unaffected
LinuxLinux6.18.14 <= 6.18.*unaffected
LinuxLinux6.19.4 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References