Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Local-only vector via bpf() syscall; low privilege sufficient where unprivileged BPF is enabled; pure availability DoS with no confidentiality or integrity impact.
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionNVD
In the Linux kernel, the following vulnerability has been resolved:
bpf: Limit bpf program signature size
Practical BPF signatures are significantly smaller than KMALLOC_MAX_CACHE_SIZE
Allowing larger sizes opens the door for abuse by passing excessive size values and forcing the kernel into expensive allocation paths (via kmalloc_large or vmalloc).
AnalysisAI
Uncontrolled BPF program signature size in the Linux kernel allows a low-privileged local user to force the kernel into expensive memory allocation paths (kmalloc_large or vmalloc) by supplying an arbitrarily large signature size value to the BPF_PROG_LOAD operation. Affected kernel versions prior to 6.18.14, 6.19.4, and 7.0 are vulnerable to local denial-of-service through kernel memory exhaustion. No public exploit has been identified at time of analysis and no active exploitation is confirmed (not in CISA KEV), with an EPSS score of 0.02% (4th percentile) indicating very low automated exploitation probability.
Technical ContextAI
The Linux kernel's BPF (Berkeley Packet Filter) subsystem, specifically the BPF_PROG_LOAD path, accepts a user-supplied signature size parameter that was not bounded against practical limits. The KMALLOC_MAX_CACHE_SIZE constant defines the ceiling for efficient slab-allocator caching; values exceeding this threshold force the kernel to invoke kmalloc_large (for large contiguous physical allocations) or vmalloc (for virtually-mapped non-contiguous allocations), both of which impose significantly higher overhead and memory pressure than standard slab paths. The root cause is the absence of an upper-bound check on the signature size before allocation - functionally equivalent to CWE-770 (Allocation of Resources Without Limits or Throttling), though no formal CWE was assigned. Affected products are identified via CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*, spanning the kernel tree from commit 349271568303695f0ac3563af153d2b4542f6986 through the fix commits in stable branches.
RemediationAI
The primary remediation is to upgrade to a patched Linux kernel release: 6.18.14, 6.19.4, or 7.0 (or any later stable release). The upstream fix commits are available at https://git.kernel.org/stable/c/ea1535e28bb3773fc0b3cbd1f3842b808016990c, https://git.kernel.org/stable/c/5835a077c6f5c565d525eaca9fac01572b97a9b9, and https://git.kernel.org/stable/c/eb8166c79097996396468a341de258a798789d36. As a compensating control on systems where immediate kernel upgrade is not feasible, administrators should set kernel.unprivileged_bpf_disabled=1 via sysctl (or persistently in /etc/sysctl.d/), which restricts bpf() syscall access to processes holding CAP_BPF or CAP_SYS_ADMIN and eliminates the low-privilege attack path. Note that this control may break eBPF-dependent observability tools (e.g., bpftrace, perf with BPF, some versions of Cilium or Falco running without elevated privileges) - assess application impact before deploying. In container environments, apply a seccomp profile that denies the bpf syscall for untrusted workloads. Patch availability is confirmed from vendor (kernel.org stable tree); exact fix versions are confirmed from EUVD data.
Same technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Moderate| Product | Status |
|---|---|
| SUSE Linux Enterprise Desktop 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP7 | Not-Affected |
| SUSE Linux Enterprise High Availability Extension 15 SP7 | Not-Affected |
| SUSE Linux Enterprise High Availability Extension 15 SP7 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Live Patching 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Live Patching 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Micro 5.3 | Not-Affected |
| SUSE Linux Enterprise Micro 5.3 | Not-Affected |
| SUSE Linux Enterprise Micro 5.3 | Not-Affected |
| SUSE Linux Enterprise Micro 5.3 | Not-Affected |
| SUSE Linux Enterprise Micro 5.4 | Not-Affected |
| SUSE Linux Enterprise Micro 5.4 | Not-Affected |
| SUSE Linux Enterprise Micro 5.4 | Not-Affected |
| SUSE Linux Enterprise Micro 5.4 | Not-Affected |
| SUSE Linux Enterprise Micro 5.5 | Not-Affected |
| SUSE Linux Enterprise Micro 5.5 | Not-Affected |
| SUSE Linux Enterprise Micro 5.5 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Module for Legacy 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Module for Legacy 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Module for Public Cloud 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Module for Public Cloud 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Real Time 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Server 16.0 | Not-Affected |
| SUSE Linux Enterprise Server 16.0 | Not-Affected |
| SUSE Linux Enterprise Server 16.1 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Not-Affected |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Not-Affected |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Not-Affected |
| SUSE Linux Enterprise Workstation Extension 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Workstation Extension 15 SP7 | Not-Affected |
| SUSE Linux Micro 6.0 | Not-Affected |
| SUSE Linux Micro 6.0 | Not-Affected |
| SUSE Linux Micro 6.0 | Not-Affected |
| SUSE Linux Micro 6.1 | Not-Affected |
| SUSE Linux Micro 6.1 | Not-Affected |
| SUSE Linux Micro 6.1 | Not-Affected |
| SUSE Linux Micro 6.2 | Not-Affected |
| SUSE Linux Micro 6.2 | Not-Affected |
| SUSE Real Time Module 15 SP7 | Not-Affected |
| openSUSE Leap 16.0 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Not-Affected |
| SUSE Linux Enterprise Live Patching 12 SP5 | Not-Affected |
| SUSE Linux Enterprise Live Patching 12 SP5 | Not-Affected |
| SUSE Linux Enterprise Live Patching 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Live Patching 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Live Patching 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Live Patching 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP6 | Not-Affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP6 | Not-Affected |
| SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE | Not-Affected |
| SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE | Not-Affected |
| SUSE Linux Enterprise Server 12 SP5 | Not-Affected |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Not-Affected |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Not-Affected |
| SUSE Linux Enterprise Server 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP6 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Not-Affected |
| SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Not-Affected |
| SUSE Manager Proxy 4.3 | Not-Affected |
| SUSE Manager Proxy LTS 4.3 | Not-Affected |
| SUSE Manager Retail Branch Server 4.3 | Not-Affected |
| SUSE Manager Retail Branch Server LTS 4.3 | Not-Affected |
| SUSE Manager Server 4.3 | Not-Affected |
| SUSE Manager Server LTS 4.3 | Not-Affected |
| SUSE CaaS Platform 4.0 | Not-Affected |
| SUSE Enterprise Storage 6 | Not-Affected |
| SUSE Enterprise Storage 7 | Not-Affected |
| SUSE Enterprise Storage 7.1 | Not-Affected |
| SUSE Linux Enterprise Desktop 11 SP4 | Not-Affected |
| SUSE Linux Enterprise Desktop 12 SP4 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP6 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Not-Affected |
| SUSE Linux Enterprise Micro 5.0 | Not-Affected |
| SUSE Linux Enterprise Micro 5.1 | Not-Affected |
| SUSE Linux Enterprise Micro 5.2 | Not-Affected |
| SUSE Linux Enterprise Micro 5.2 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Real Time 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Real Time 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Real Time 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Real Time 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Real Time 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Server 11 SP4 | Not-Affected |
| SUSE Linux Enterprise Server 11 SP4-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP4 | Not-Affected |
| SUSE Linux Enterprise Server 12 SP4-ESPOS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP4-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP4-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP1-BCL | Not-Affected |
| SUSE Linux Enterprise Server 15 SP1-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP1-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP2-BCL | Not-Affected |
| SUSE Linux Enterprise Server 15 SP2-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP2-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP3-BCL | Not-Affected |
| SUSE Linux Enterprise Server 15 SP3-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP3-LTSS | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Not-Affected |
| SUSE Manager Proxy 4.0 | Not-Affected |
| SUSE Manager Proxy 4.1 | Not-Affected |
| SUSE Manager Proxy 4.2 | Not-Affected |
| SUSE Manager Retail Branch Server 4.0 | Not-Affected |
| SUSE Manager Retail Branch Server 4.1 | Not-Affected |
| SUSE Manager Retail Branch Server 4.2 | Not-Affected |
| SUSE Manager Server 4.0 | Not-Affected |
| SUSE Manager Server 4.1 | Not-Affected |
| SUSE Manager Server 4.2 | Not-Affected |
| SUSE OpenStack Cloud 9 | Not-Affected |
| SUSE OpenStack Cloud Crowbar 9 | Not-Affected |
| SUSE Real Time Module 15 SP4 | Not-Affected |
| SUSE Real Time Module 15 SP5 | Not-Affected |
| openSUSE Leap 15.3 | Not-Affected |
| openSUSE Leap 15.4 | Not-Affected |
| openSUSE Leap 15.4 | Not-Affected |
| openSUSE Leap 15.5 | Not-Affected |
| openSUSE Leap 15.5 | Not-Affected |
| openSUSE Leap 15.6 | Not-Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32255
GHSA-2prw-x82w-7whc