CVE-2026-53032
Analyzed Analyzed - Analysis Complete

NULL Pointer Dereference in Linux Kernel BPF Subsystem

Vulnerability report for CVE-2026-53032, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-24

Last updated on: 2026-07-14

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix NULL deref in map_kptr_match_type for scalar regs Commit ab6c637ad027 ("bpf: Fix a bpf_kptr_xchg() issue with local kptr") refactored map_kptr_match_type() to branch on btf_is_kernel() before checking base_type(). A scalar register stored into a kptr slot has no btf, so the btf_is_kernel(reg->btf) call dereferences NULL. Move the base_type() != PTR_TO_BTF_ID guard before any reg->btf access.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-24
Last Modified
2026-07-14
Generated
2026-07-15
AI Q&A
2026-06-24
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.4.16 (inc) to 6.5 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.91 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.33 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.10 (exc)
linux linux_kernel From 6.5.3 (inc) to 6.6.141 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's BPF (Berkeley Packet Filter) subsystem. Specifically, it involves a NULL pointer dereference in the function map_kptr_match_type when handling scalar registers. The issue arises because the code attempts to check if a register's BTF (BPF Type Format) is kernel-level by calling btf_is_kernel(reg->btf), but scalar registers stored in a kptr slot do not have BTF information, leading to a NULL dereference.

The fix involved refactoring the code to check the base type before accessing the BTF pointer, preventing the NULL dereference.

Impact Analysis

A NULL pointer dereference in the kernel can cause a system crash or kernel panic, leading to denial of service. This means that an attacker or a faulty program could potentially trigger this vulnerability to disrupt system availability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53032. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart