CVE-2026-53092

UNKNOWN 0.0

bpf: Fix linked reg delta tracking when src_reg == dst_reg

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix linked reg delta tracking when src_reg == dst_reg Consider the case of rX += rX where src_reg and dst_reg are pointers to the same bpf_reg_state in adjust_reg_min_max_vals(). The latter first modifies the dst_reg in-place, and later in the delta tracking, the subsequent is_reg_const(src_reg)/reg_const_value(src_reg) reads the post-{add,sub} value instead of the original source. This is problematic since it sets an incorrect delta, which sync_linked_regs() then propagates to linked registers, thus creating a verifier-vs-runtime mismatch. Fix it by just skipping this corner case.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Jun 24, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

98d7ca374ba4b39e7535613d40e159f09ca14da2 < d88e8e4a3b52bd5b2ff3eceba4b29d1b5506d066 98d7ca374ba4b39e7535613d40e159f09ca14da2 < cc86a8b0a1c54d2bccf6f68cf49b82dea91b84de 98d7ca374ba4b39e7535613d40e159f09ca14da2 < d7f14173c0d5866c3cae759dee560ad1bed10d2e

Linux / Linux

6.11

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/d88e8e4a3b52bd5b2ff3eceba4b29d1b5506d066 git.kernel.org: https://git.kernel.org/stable/c/cc86a8b0a1c54d2bccf6f68cf49b82dea91b84de git.kernel.org: https://git.kernel.org/stable/c/d7f14173c0d5866c3cae759dee560ad1bed10d2e