Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Local low-priv BPF loading (PR:L); non-default bpf_jit_harden=2 precondition raises AC:H; demonstrated impact is a kernel crash (A:H) with only speculative info/integrity loss (C:L/I:L).
Primary rating from Vendor (Linux).
CVSS VectorVendor: Linux
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix stale offload->prog pointer after constant blinding
When a dev-bound-only BPF program (BPF_F_XDP_DEV_BOUND_ONLY) undergoes JIT compilation with constant blinding enabled (bpf_jit_harden >= 2), bpf_jit_blind_constants() clones the program. The original prog is then freed in bpf_jit_prog_release_other(), which updates aux->prog to point to the surviving clone, but fails to update offload->prog.
This leaves offload->prog pointing to the freed original program. When the network namespace is subsequently destroyed, cleanup_net() triggers bpf_dev_bound_netdev_unregister(), which iterates ondev->progs and calls __bpf_prog_offload_destroy(offload->prog). Accessing the freed prog causes a page fault:
BUG: unable to handle page fault for address: ffffc900085f1038 Workqueue: netns cleanup_net RIP: 0010:__bpf_prog_offload_destroy+0xc/0x80 Call Trace: __bpf_offload_dev_netdev_unregister+0x257/0x350 bpf_dev_bound_netdev_unregister+0x4a/0x90 unregister_netdevice_many_notify+0x2a2/0x660 ... cleanup_net+0x21a/0x320
The test sequence that triggers this reliably is:
- Set net.core.bpf_jit_harden=2 (echo 2 > /proc/sys/net/core/bpf_jit_harden)
- Run xdp_metadata selftest, which creates a dev-bound-only XDP
program on a veth inside a netns (./test_progs -t xdp_metadata)
- cleanup_net -> page fault in __bpf_prog_offload_destroy
Dev-bound-only programs are unique in that they have an offload structure but go through the normal JIT path instead of bpf_prog_offload_compile(). This means they are subject to constant blinding's prog clone-and-replace, while also having offload->prog that must stay in sync.
Fix this by updating offload->prog in bpf_jit_prog_release_other(), alongside the existing aux->prog update. Both are back-pointers to the prog that must be kept in sync when the prog is replaced.
AnalysisAI
Local privilege/denial-of-service exposure in the Linux kernel BPF subsystem allows a low-privileged user who can load a device-bound XDP program to trigger a use-after-free during network namespace teardown. When constant blinding is enabled (bpf_jit_harden=2), JIT compilation of a BPF_F_XDP_DEV_BOUND_ONLY program clones the program and frees the original, but offload->prog is left pointing at the freed buffer; later netns cleanup dereferences it. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires all of: (1) net.core.bpf_jit_harden set to 2 (constant blinding enabled) - a NON-default setting that gates the whole bug; (2) the ability to load a device-bound-only XDP program using the BPF_F_XDP_DEV_BOUND_ONLY flag, i.e., local access with BPF/XDP loading privileges (CVSS PR:L); (3) attachment to a netdev (e.g., veth) inside a network namespace; and (4) subsequent destruction of that namespace to trigger cleanup_net and the stale-pointer dereference. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed and point to a real-but-narrow risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | On a host with net.core.bpf_jit_harden=2, a local user (e.g., inside a container with BPF/XDP privileges) creates a network namespace, loads a device-bound-only XDP program on a veth so it is JIT-compiled with constant blinding, then deletes the namespace. The cleanup_net workqueue dereferences the freed offload->prog, reliably crashing the kernel; this matches the documented test_progs -t xdp_metadata reproduction and could potentially be developed further given a use-after-free primitive. |
| Remediation | Vendor-released patch: upgrade to a fixed stable kernel - 6.6.141, 6.12.91, 6.18.33, 7.0.10, or 7.1 (or your distribution's backport carrying commits a713b72ff88c / 25484c39d1ec / 059525cf18e6 / c79f8503d83d / a1aa9ef47c29 from git.kernel.org/stable). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Linux systems and determine whether BPF JIT hardening (bpf_jit_harden=2) is enabled; correlate with kernel versions containing CVE-2026-53094. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38962
GHSA-c5q6-h25m-p95j