CVE-2026-43306 (GCVE-0-2026-43306)
Vulnerability from cvelistv5
Published
2026-05-08 13:11
Modified
2026-05-11 22:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: crypto: Use the correct destructor kfunc type
With CONFIG_CFI enabled, the kernel strictly enforces that indirect
function calls use a function pointer type that matches the target
function. I ran into the following type mismatch when running BPF
self-tests:
CFI failure at bpf_obj_free_fields+0x190/0x238 (target:
bpf_crypto_ctx_release+0x0/0x94; expected type: 0xa488ebfc)
Internal error: Oops - CFI: 00000000f2008228 [#1] SMP
...
As bpf_crypto_ctx_release() is also used in BPF programs and using
a void pointer as the argument would make the verifier unhappy, add
a simple stub function with the correct type and register it as the
destructor kfunc instead.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/crypto.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4e3e57dbf46dad3498f8c4219ce2dba756875962",
"status": "affected",
"version": "3e1c6f35409f9e447bf37f64840f5b65576bfb78",
"versionType": "git"
},
{
"lessThan": "50d6fd69388cc7b05dce72f09080674dcede4ac9",
"status": "affected",
"version": "3e1c6f35409f9e447bf37f64840f5b65576bfb78",
"versionType": "git"
},
{
"lessThan": "3979a550fe06b370d73647f59cf462fa525c9ec4",
"status": "affected",
"version": "3e1c6f35409f9e447bf37f64840f5b65576bfb78",
"versionType": "git"
},
{
"lessThan": "b40a5d724f29fc2eed23ff353808a9aae616b48a",
"status": "affected",
"version": "3e1c6f35409f9e447bf37f64840f5b65576bfb78",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/crypto.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.10"
},
{
"lessThan": "6.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.75",
"versionStartIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.16",
"versionStartIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.6",
"versionStartIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: crypto: Use the correct destructor kfunc type\n\nWith CONFIG_CFI enabled, the kernel strictly enforces that indirect\nfunction calls use a function pointer type that matches the target\nfunction. I ran into the following type mismatch when running BPF\nself-tests:\n\n CFI failure at bpf_obj_free_fields+0x190/0x238 (target:\n bpf_crypto_ctx_release+0x0/0x94; expected type: 0xa488ebfc)\n Internal error: Oops - CFI: 00000000f2008228 [#1] SMP\n ...\n\nAs bpf_crypto_ctx_release() is also used in BPF programs and using\na void pointer as the argument would make the verifier unhappy, add\na simple stub function with the correct type and register it as the\ndestructor kfunc instead."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:22:00.468Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4e3e57dbf46dad3498f8c4219ce2dba756875962"
},
{
"url": "https://git.kernel.org/stable/c/50d6fd69388cc7b05dce72f09080674dcede4ac9"
},
{
"url": "https://git.kernel.org/stable/c/3979a550fe06b370d73647f59cf462fa525c9ec4"
},
{
"url": "https://git.kernel.org/stable/c/b40a5d724f29fc2eed23ff353808a9aae616b48a"
}
],
"title": "bpf: crypto: Use the correct destructor kfunc type",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-43306",
"datePublished": "2026-05-08T13:11:25.624Z",
"dateReserved": "2026-05-01T14:12:56.000Z",
"dateUpdated": "2026-05-11T22:22:00.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…