Description
In the Linux kernel, the following vulnerability has been resolved: bpf: crypto: Use the correct destructor kfunc type With CONFIG_CFI enabled, the kernel strictly enforces that indirect function calls use a function pointer type that matches the target function. I ran into the following type mismatch when running BPF self-tests: CFI failure at bpf_obj_free_fields+0x190/0x238 (target: bpf_crypto_ctx_release+0x0/0x94; expected type: 0xa488ebfc) Internal error: Oops - CFI: 00000000f2008228 [#1] SMP ... As bpf_crypto_ctx_release() is also used in BPF programs and using a void pointer as the argument would make the verifier unhappy, add a simple stub function with the correct type and register it as the destructor kfunc instead.
References (4)
Core 4
Core References
Scores
CVSS v3
5.5
EPSS
0.0001
EPSS Percentile
2.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (15)
Linux/Linux
< 6.10
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 3979a550fe06b370d73647f59cf462fa525c9ec4
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 4e3e57dbf46dad3498f8c4219ce2dba756875962
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 50d6fd69388cc7b05dce72f09080674dcede4ac9
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - b40a5d724f29fc2eed23ff353808a9aae616b48a
Linux/Linux
3e1c6f35409f9e447bf37f64840f5b65576bfb78 - 3979a550fe06b370d73647f59cf462fa525c9ec4
Linux/Linux
3e1c6f35409f9e447bf37f64840f5b65576bfb78 - 4e3e57dbf46dad3498f8c4219ce2dba756875962
Linux/Linux
3e1c6f35409f9e447bf37f64840f5b65576bfb78 - 50d6fd69388cc7b05dce72f09080674dcede4ac9
Linux/Linux
3e1c6f35409f9e447bf37f64840f5b65576bfb78 - b40a5d724f29fc2eed23ff353808a9aae616b48a
Linux/Linux
6.10
... and 5 more
Published
May 08, 2026
Tracked Since
May 08, 2026