Skip to main content

Linux Kernel CVE-2026-43030

| EUVDEUVD-2026-26629 HIGH
2026-05-01 Linux
High
Disputed · 7.8 Vendor: Linux
Share

Severity by source

Sources disagree (Low–High)
Vendor (Linux) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
5.5 LOW
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorVendor: Linux

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 03, 2026 - 07:36 vuln.today
CVSS changed
May 03, 2026 - 07:22 NVD
7.8 (HIGH)
Patch released
May 03, 2026 - 07:16 nvd
Patch available
Patch available
May 01, 2026 - 16:33 EUVD
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26629
Analysis Generated
May 01, 2026 - 15:00 vuln.today
CVE Published
May 01, 2026 - 14:15 nvd
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix regsafe() for pointers to packet

In case rold->reg->range BEYOND_PKT_END && rcur->reg->range N regsafe() may return true which may lead to current state with valid packet range not being explored. Fix the bug.

AnalysisAI

A logic error in the Linux kernel's BPF verifier regsafe() function allows local attackers with low privileges to exploit improper state exploration for packet pointer ranges, potentially leading to high confidentiality, integrity, and availability impacts. The vulnerability affects multiple stable kernel branches from 5.10 through 6.19, with vendor patches available across all affected versions. EPSS score of 0.02% (7th percentile) indicates low observed exploitation probability, and no public exploit code or CISA KEV listing exists at time of analysis.

Technical ContextAI

The vulnerability resides in the Berkeley Packet Filter (BPF) verifier, a critical kernel component that performs static analysis on BPF programs before they execute to ensure safety and prevent privilege escalation. The regsafe() function validates register states during path exploration in the verifier's state pruning logic. The bug occurs when comparing register states: if an old state has a register with range BEYOND_PKT_END and the current state has a different range value, regsafe() may incorrectly return true, causing the verifier to prune valid execution paths. This allows BPF programs with packet pointer range violations to bypass verification, potentially enabling out-of-bounds memory access. BPF is used extensively for networking, tracing, and security operations, making verifier bugs particularly concerning as they can break kernel isolation guarantees. The affected code path is in the state comparison logic introduced in commit 6d94e741a8ff, with fixes backported to stable kernels 5.10, 5.15, 6.1, 6.6, 6.12, 6.18, 6.19, and mainline.

RemediationAI

Upgrade to patched kernel versions: 5.10.253 or later for 5.10.x branch, 5.15.203+ for 5.15.x, 6.1.168+ for 6.1.x, 6.6.134+ for 6.6.x, 6.12.81+ for 6.12.x, 6.18.22+ for 6.18.x, 6.19.12+ for 6.19.x, or kernel 7.0+ for mainline. Vendor patches are available at https://git.kernel.org/stable/ with specific commits listed in references. Organizations unable to immediately patch should implement compensating controls: restrict BPF program loading to trusted administrative users only by ensuring unprivileged_bpf_disabled sysctl is set to 1 (echo 1 > /proc/sys/kernel/unprivileged_bpf_disabled) and removing CAP_BPF/CAP_SYS_ADMIN capabilities from untrusted processes. Note that disabling unprivileged BPF may break observability tools like systemd, cilium, or performance monitoring solutions that rely on user-space BPF access. For container environments, use seccomp profiles to block bpf() syscall for untrusted workloads, understanding this prevents legitimate BPF-based networking and tracing in those containers. Apply kernel live patching if available for your distribution (kpatch/livepatch) to avoid reboot downtime.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43030 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy