CVE Alert

CVE-2026-53095

UNKNOWN 0.0

bpf: Fix abuse of kprobe_write_ctx via freplace

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix abuse of kprobe_write_ctx via freplace

uprobe programs are allowed to modify struct pt_regs.

Since the actual program type of uprobe is KPROBE, it can be abused to modify struct pt_regs via kprobe+freplace when the kprobe attaches to kernel functions.

For example,

    SEC("?kprobe")
    int kprobe(struct pt_regs *regs)
    {
        return 0;
    }

    SEC("?freplace")
    int freplace_kprobe(struct pt_regs *regs)
    {
        regs->di = 0;
        return 0;
    }

freplace_kprobe prog will attach to kprobe prog. kprobe prog will attach to a kernel function.

Without this patch, when the kernel function runs, its first arg will always be set as 0 via the freplace_kprobe prog.

To fix the abuse of kprobe_write_ctx=true via kprobe+freplace, disallow attaching freplace programs on kprobe programs with different kprobe_write_ctx values.
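The gap and the fix described above, as a small user-space model added here for illustration (it is not kernel code and not taken from the patch). The struct layout, the function names and the assumption that a pt_regs-writing KPROBE program is refused on kernel functions at attach time are all simplifications of this example; only the `kprobe_write_ctx` equality rule comes from the description.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum prog_type { PROG_KPROBE, PROG_EXT };           /* EXT = freplace */
enum attach_point { ATTACH_UPROBE, ATTACH_KERNEL_FUNC };

struct prog {                                       /* hypothetical model struct */
    enum prog_type type;
    bool kprobe_write_ctx;                          /* body stores into struct pt_regs */
    const struct prog *replaced_by;                 /* freplace extension, if attached */
};

/* Assumed attach-time gate: it inspects only the flag of the program being attached. */
static int attach_probe(const struct prog *p, enum attach_point where)
{
    if (p->type != PROG_KPROBE)
        return -EINVAL;
    if (p->kprobe_write_ctx && where == ATTACH_KERNEL_FUNC)
        return -EINVAL;
    return 0;
}

/* freplace attach. strict=true applies the rule from the fix: both flags must match. */
static int attach_freplace(struct prog *target, const struct prog *ext, bool strict)
{
    if (ext->type != PROG_EXT)
        return -EINVAL;
    if (strict && ext->kprobe_write_ctx != target->kprobe_write_ctx)
        return -EINVAL;
    target->replaced_by = ext;
    return 0;
}

/* Replays the page's sequence; true if pt_regs-writing code runs on a kernel function. */
static bool kernel_regs_writable(bool strict)
{
    struct prog kprobe = { PROG_KPROBE, false, NULL };  /* returns 0, no ctx write */
    struct prog ext = { PROG_EXT, true, NULL };         /* does regs->di = 0 */
    attach_freplace(&kprobe, &ext, strict);
    if (attach_probe(&kprobe, ATTACH_KERNEL_FUNC) != 0)
        return false;
    const struct prog *run = kprobe.replaced_by ? kprobe.replaced_by : &kprobe;
    return run->kprobe_write_ctx;
}

int main(void)
{
    printf("unpatched: %d\n", kernel_regs_writable(false));
    printf("patched:   %d\n", kernel_regs_writable(true));
    return 0;
}
```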

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published Jun 24, 2026

Affected Versions

Linux / Linux
7384893d970ea114952aef54ad7e3d7d2ca82d4f < b312cf41b9e43f442613053f6cad39898e1baf96
7384893d970ea114952aef54ad7e3d7d2ca82d4f < 9836cadbd96c7e0dbb0018fa60e7872dd31ac4f8
7384893d970ea114952aef54ad7e3d7d2ca82d4f < 611fe4b79af72d00d80f2223354284447daafae9
Linux / Linux
6.18

References

git.kernel.org: https://git.kernel.org/stable/c/b312cf41b9e43f442613053f6cad39898e1baf96
git.kernel.org: https://git.kernel.org/stable/c/9836cadbd96c7e0dbb0018fa60e7872dd31ac4f8
git.kernel.org: https://git.kernel.org/stable/c/611fe4b79af72d00d80f2223354284447daafae9