CVE-2026-43070

UNKNOWN 0.0

bpf: Reset register ID for BPF_END value tracking

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: bpf: Reset register ID for BPF_END value tracking When a register undergoes a BPF_END (byte swap) operation, its scalar value is mutated in-place. If this register previously shared a scalar ID with another register (e.g., after an `r1 = r0` assignment), this tie must be broken. Currently, the verifier misses resetting `dst_reg->id` to 0 for BPF_END. Consequently, if a conditional jump checks the swapped register, the verifier incorrectly propagates the learned bounds to the linked register, leading to false confidence in the linked register's value and potentially allowing out-of-bounds memory accesses. Fix this by explicitly resetting `dst_reg->id` to 0 in the BPF_END case to break the scalar tie, similar to how BPF_NEG handles it via `__mark_reg_known`.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	May 5, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

4c03342e5ac532fb34d13a7b51dd7261dfc48963 < a17443af874229408ce6b78e2c8a2b5adeb4b7d8 d00ce96623a69a100ad79675d0e85fda3c50d89b < 0d15c3611a2cc5d08993545d4032055ae10ae2c1 9d21199842247ab05c675fb9b6c6ca393a5c0024 < a3125bc01884431d30d731461634c8295b6f0529

Linux / Linux

6.18.17 < 6.18.21 6.19.7 < 6.19.11

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/a17443af874229408ce6b78e2c8a2b5adeb4b7d8 git.kernel.org: https://git.kernel.org/stable/c/0d15c3611a2cc5d08993545d4032055ae10ae2c1 git.kernel.org: https://git.kernel.org/stable/c/a3125bc01884431d30d731461634c8295b6f0529