CVE-2026-43321
BPF Indirect Jump Register Marking Vulnerability in Linux Kernel
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
| linux_kernel | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel relates to the handling of BPF (Berkeley Packet Filter) instructions, specifically the 'gotox rX' instruction. The issue was that the rX register was not properly marked as used in the compute_insn_live_regs() function, which is responsible for tracking live registers during indirect jumps. The fix ensures that the rX register is correctly marked as live, preventing potential errors in register usage.
How can this vulnerability impact me? :
Improper marking of live registers in BPF instructions could lead to incorrect behavior in the kernel's execution of BPF programs. This might cause unexpected crashes, incorrect packet filtering, or other unpredictable kernel behavior, potentially affecting system stability or security.