CVE-2026-43321

HIGH

bpf: Properly mark live registers for indirect jumps

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a `gotox rX` instruction the rX register should be marked as used in the compute_insn_live_regs() function. Fix this.

References (3)

Core 3

Core References

https://git.kernel.org/stable/c/df02c3ff3be4bf998812c8c8e79d10db1329d535

https://git.kernel.org/stable/c/7beae54111c34ca63357ef120e115889b915beb5

https://git.kernel.org/stable/c/d1aab1ca576c90192ba961094d51b0be6355a4d6

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 3.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (12)

Linux/Linux < 6.19

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 7beae54111c34ca63357ef120e115889b915beb5

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - d1aab1ca576c90192ba961094d51b0be6355a4d6

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - df02c3ff3be4bf998812c8c8e79d10db1329d535

Linux/Linux 493d9e0d608339a32f568504d5fd411a261bb0af - 7beae54111c34ca63357ef120e115889b915beb5

Linux/Linux 493d9e0d608339a32f568504d5fd411a261bb0af - d1aab1ca576c90192ba961094d51b0be6355a4d6

Linux/Linux 6.18.16 - 6.18.*

Linux/Linux 6.19

Linux/Linux 6.19.6 - 6.19.*

Linux/Linux 7.0

... and 2 more

Published May 08, 2026

Tracked Since May 08, 2026