CVE-2026-23417

EUVD-2026-18200
In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix constant blinding for PROBE_MEM32 stores

BPF_ST | BPF_PROBE_MEM32 immediate stores are not handled by
bpf_jit_blind_insn(), allowing user-controlled 32-bit immediates to
survive unblinded into JIT-compiled native code when bpf_jit_harden >= 1.

The root cause is that convert_ctx_accesses() rewrites BPF_ST|BPF_MEM
to BPF_ST|BPF_PROBE_MEM32 for arena pointer stores during verification,
before bpf_jit_blind_constants() runs during JIT compilation. The
blinding switch only matches BPF_ST|BPF_MEM (mode 0x60), not
BPF_ST|BPF_PROBE_MEM32 (mode 0xa0). The instruction falls through
unblinded.

Add BPF_ST|BPF_PROBE_MEM32 cases to bpf_jit_blind_insn() alongside the
existing BPF_ST|BPF_MEM cases. The blinding transformation is identical:
load the blinded immediate into BPF_REG_AX via mov+xor, then convert
the immediate store to a register store (BPF_STX).

The rewritten STX instruction must preserve the BPF_PROBE_MEM32 mode so
the architecture JIT emits the correct arena addressing (R12-based on
x86-64). Cannot use the BPF_STX_MEM() macro here because it hardcodes
BPF_MEM mode; construct the instruction directly instead.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
6.9.1 ≤
𝑥
< 6.12.80
linuxlinux_kernel
6.13 ≤
𝑥
< 6.18.21
linuxlinux_kernel
6.19 ≤
𝑥
< 6.19.11
linuxlinux_kernel
6.9
linuxlinux_kernel
7.0:rc1
linuxlinux_kernel
7.0:rc2
linuxlinux_kernel
7.0:rc3
linuxlinux_kernel
7.0:rc4
linuxlinux_kernel
7.0:rc5
linuxlinux_kernel
7.0:rc6
linuxlinux_kernel
7.0:rc7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.176-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.259-1
fixed
forky
7.0.13-1
fixed
sid
7.0.14-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.94-1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
bpftool6.12
Amazon Linux 2023
1:6.12.80-105.147.amzn2023
fixed
bpftool6.12-debuginfo
Amazon Linux 2023
1:6.12.80-105.147.amzn2023
fixed
bpftool6.18
Amazon Linux 2023
1:6.18.25-52.107.amzn2023
fixed
bpftool6.18-debuginfo
Amazon Linux 2023
1:6.18.25-52.107.amzn2023
fixed
kernel-livepatch-6.12.80-105.147
Amazon Linux 2023
1:1.0-0.amzn2023
fixed
kernel-livepatch-6.18.25-52.107
Amazon Linux 2023
1:1.0-0.amzn2023
fixed
kernel6.12
Amazon Linux 2023
1:6.12.80-105.147.amzn2023
fixed
kernel6.12-debuginfo
Amazon Linux 2023
1:6.12.80-105.147.amzn2023
fixed
kernel6.12-debuginfo-common-aarch64
Amazon Linux 2023
1:6.12.80-105.147.amzn2023
fixed
kernel6.12-debuginfo-common-x86_64
Amazon Linux 2023
1:6.12.80-105.147.amzn2023
fixed
kernel6.12-devel
Amazon Linux 2023
1:6.12.80-105.147.amzn2023
fixed
kernel6.12-headers
Amazon Linux 2023
1:6.12.80-105.147.amzn2023
fixed
kernel6.12-libbpf
Amazon Linux 2023
1:6.12.80-105.147.amzn2023
fixed
kernel6.12-libbpf-debuginfo
Amazon Linux 2023
1:6.12.80-105.147.amzn2023
fixed
kernel6.12-libbpf-devel
Amazon Linux 2023
1:6.12.80-105.147.amzn2023
fixed
kernel6.12-libbpf-static
Amazon Linux 2023
1:6.12.80-105.147.amzn2023
fixed
kernel6.12-modules-extra
Amazon Linux 2023
1:6.12.80-105.147.amzn2023
fixed
kernel6.12-modules-extra-common
Amazon Linux 2023
1:6.12.80-105.147.amzn2023
fixed
kernel6.12-tools
Amazon Linux 2023
1:6.12.80-105.147.amzn2023
fixed
kernel6.12-tools-debuginfo
Amazon Linux 2023
1:6.12.80-105.147.amzn2023
fixed
kernel6.12-tools-devel
Amazon Linux 2023
1:6.12.80-105.147.amzn2023
fixed
kernel6.18
Amazon Linux 2023
1:6.18.25-52.107.amzn2023
fixed
kernel6.18-debuginfo
Amazon Linux 2023
1:6.18.25-52.107.amzn2023
fixed
kernel6.18-debuginfo-common-aarch64
Amazon Linux 2023
1:6.18.25-52.107.amzn2023
fixed
kernel6.18-debuginfo-common-x86_64
Amazon Linux 2023
1:6.18.25-52.107.amzn2023
fixed
kernel6.18-devel
Amazon Linux 2023
1:6.18.25-52.107.amzn2023
fixed
kernel6.18-headers
Amazon Linux 2023
1:6.18.25-52.107.amzn2023
fixed
kernel6.18-modules-extra
Amazon Linux 2023
1:6.18.25-52.107.amzn2023
fixed
kernel6.18-modules-extra-common
Amazon Linux 2023
1:6.18.25-52.107.amzn2023
fixed
kernel6.18-tools
Amazon Linux 2023
1:6.18.25-52.107.amzn2023
fixed
kernel6.18-tools-debuginfo
Amazon Linux 2023
1:6.18.25-52.107.amzn2023
fixed
kernel6.18-tools-devel
Amazon Linux 2023
1:6.18.25-52.107.amzn2023
fixed
perf6.12
Amazon Linux 2023
1:6.12.80-105.147.amzn2023
fixed
perf6.12-debuginfo
Amazon Linux 2023
1:6.12.80-105.147.amzn2023
fixed
perf6.18
Amazon Linux 2023
1:6.18.25-52.107.amzn2023
fixed
perf6.18-debuginfo
Amazon Linux 2023
1:6.18.25-52.107.amzn2023
fixed
python3-perf6.12
Amazon Linux 2023
1:6.12.80-105.147.amzn2023
fixed
python3-perf6.12-debuginfo
Amazon Linux 2023
1:6.12.80-105.147.amzn2023
fixed
python3-perf6.18
Amazon Linux 2023
1:6.18.25-52.107.amzn2023
fixed
python3-perf6.18-debuginfo
Amazon Linux 2023
1:6.18.25-52.107.amzn2023
fixed