Skip to main content

Linux Kernel EUVDEUVD-2026-32255

| CVE-2026-45971 MEDIUM
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-2prw-x82w-7whc
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local-only vector via bpf() syscall; low privilege sufficient where unprivileged BPF is enabled; pure availability DoS with no confidentiality or integrity impact.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 16, 2026 - 02:53 vuln.today
CVSS changed
Jun 16, 2026 - 02:52 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

bpf: Limit bpf program signature size

Practical BPF signatures are significantly smaller than KMALLOC_MAX_CACHE_SIZE

Allowing larger sizes opens the door for abuse by passing excessive size values and forcing the kernel into expensive allocation paths (via kmalloc_large or vmalloc).

AnalysisAI

Uncontrolled BPF program signature size in the Linux kernel allows a low-privileged local user to force the kernel into expensive memory allocation paths (kmalloc_large or vmalloc) by supplying an arbitrarily large signature size value to the BPF_PROG_LOAD operation. Affected kernel versions prior to 6.18.14, 6.19.4, and 7.0 are vulnerable to local denial-of-service through kernel memory exhaustion. No public exploit has been identified at time of analysis and no active exploitation is confirmed (not in CISA KEV), with an EPSS score of 0.02% (4th percentile) indicating very low automated exploitation probability.

Technical ContextAI

The Linux kernel's BPF (Berkeley Packet Filter) subsystem, specifically the BPF_PROG_LOAD path, accepts a user-supplied signature size parameter that was not bounded against practical limits. The KMALLOC_MAX_CACHE_SIZE constant defines the ceiling for efficient slab-allocator caching; values exceeding this threshold force the kernel to invoke kmalloc_large (for large contiguous physical allocations) or vmalloc (for virtually-mapped non-contiguous allocations), both of which impose significantly higher overhead and memory pressure than standard slab paths. The root cause is the absence of an upper-bound check on the signature size before allocation - functionally equivalent to CWE-770 (Allocation of Resources Without Limits or Throttling), though no formal CWE was assigned. Affected products are identified via CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*, spanning the kernel tree from commit 349271568303695f0ac3563af153d2b4542f6986 through the fix commits in stable branches.

RemediationAI

The primary remediation is to upgrade to a patched Linux kernel release: 6.18.14, 6.19.4, or 7.0 (or any later stable release). The upstream fix commits are available at https://git.kernel.org/stable/c/ea1535e28bb3773fc0b3cbd1f3842b808016990c, https://git.kernel.org/stable/c/5835a077c6f5c565d525eaca9fac01572b97a9b9, and https://git.kernel.org/stable/c/eb8166c79097996396468a341de258a798789d36. As a compensating control on systems where immediate kernel upgrade is not feasible, administrators should set kernel.unprivileged_bpf_disabled=1 via sysctl (or persistently in /etc/sysctl.d/), which restricts bpf() syscall access to processes holding CAP_BPF or CAP_SYS_ADMIN and eliminates the low-privilege attack path. Note that this control may break eBPF-dependent observability tools (e.g., bpftrace, perf with BPF, some versions of Cilium or Falco running without elevated privileges) - assess application impact before deploying. In container environments, apply a seccomp profile that denies the bpf syscall for untrusted workloads. Patch availability is confirmed from vendor (kernel.org stable tree); exact fix versions are confirmed from EUVD data.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

EUVD-2026-32255 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy