CVE-2026-53095
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix abuse of kprobe_write_ctx via freplace
uprobe programs are allowed to modify struct pt_regs.
Since the actual program type of uprobe is KPROBE, it can be abused to modify struct pt_regs via kprobe+freplace when the kprobe attaches to kernel functions.
For example,
SEC("?kprobe") int kprobe(struct pt_regs *regs) { return 0; }
SEC("?freplace") int freplace_kprobe(struct pt_regs *regs) { regs->di = 0; return 0; }
freplace_kprobe prog will attach to kprobe prog. kprobe prog will attach to a kernel function.
Without this patch, when the kernel function runs, its first arg will always be set as 0 via the freplace_kprobe prog.
To fix the abuse of kprobe_write_ctx=true via kprobe+freplace, disallow attaching freplace programs on kprobe programs with different kprobe_write_ctx values.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 7384893d970ea114952aef54ad7e3d7d2ca82d4f < b312cf41b9e43f442613053f6cad39898e1baf96 | affected |
| Linux | Linux | 7384893d970ea114952aef54ad7e3d7d2ca82d4f < 9836cadbd96c7e0dbb0018fa60e7872dd31ac4f8 | affected |
| Linux | Linux | 7384893d970ea114952aef54ad7e3d7d2ca82d4f < 611fe4b79af72d00d80f2223354284447daafae9 | affected |
| Linux | Linux | 6.18 | affected |
| Linux | Linux | 0 < 6.18 | unaffected |
| Linux | Linux | 6.18.33 <= 6.18.* | unaffected |
| Linux | Linux | 7.0.10 <= 7.0.* | unaffected |
| Linux | Linux | 7.1 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/b312cf41b9e43f442613053f6cad39898e1baf96
- https://git.kernel.org/stable/c/9836cadbd96c7e0dbb0018fa60e7872dd31ac4f8
- https://git.kernel.org/stable/c/611fe4b79af72d00d80f2223354284447daafae9
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.