CVE-2026-43333
Received Received - Intake
Kernel NULL Dereference in Linux Kernel BPF Subsystem

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: bpf: reject direct access to nullable PTR_TO_BUF pointers check_mem_access() matches PTR_TO_BUF via base_type() which strips PTR_MAYBE_NULL, allowing direct dereference without a null check. Map iterator ctx->key and ctx->value are PTR_TO_BUF | PTR_MAYBE_NULL. On stop callbacks these are NULL, causing a kernel NULL dereference. Add a type_may_be_null() guard to the PTR_TO_BUF branch, matching the existing PTR_TO_BTF_ID pattern.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43333
EUVD
EUVD-2026-28617
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's handling of BPF (Berkeley Packet Filter) pointers. Specifically, the function check_mem_access() incorrectly matches PTR_TO_BUF pointers by stripping the PTR_MAYBE_NULL attribute, which allows direct dereferencing without checking if the pointer is null.

In map iterator callbacks, the context keys and values are pointers that can be null (PTR_TO_BUF combined with PTR_MAYBE_NULL). When stop callbacks occur, these pointers can be null, leading to a kernel NULL pointer dereference.

The fix involved adding a guard (type_may_be_null()) to properly handle nullable pointers in the PTR_TO_BUF branch, preventing unsafe dereferencing.

Impact Analysis

This vulnerability can cause a kernel NULL pointer dereference, which typically leads to a kernel crash or system instability.

Such crashes can result in denial of service (DoS) conditions, potentially disrupting normal system operations and availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43333. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart