U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2026-53076

Change History

New CVE Received from kernel.org 6/24/2026 1:17:21 PM

Action Type Old Value New Value
Added Description

                  
                
              
In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix OOB in pcpu_init_value

An out-of-bounds read occurs when copying element from a
BPF_MAP_TYPE_CGROUP_STORAGE map to another pcpu map with the
same value_size that is not rounded up to 8 bytes.

The issue happens when:
1. A CGROUP_STORAGE map is created with value_size not aligned to
   8 bytes (e.g., 4 bytes)
2. A pcpu map is created with the same value_size (e.g., 4 bytes)
3. Update element in 2 with data in 1

pcpu_init_value assumes that all sources are rounded up to 8 bytes,
and invokes copy_map_value_long to make a data copy, However, the
assumption doesn't stand since there are some cases where the source
may not be rounded up to 8 bytes, e.g., CGROUP_STORAGE, skb->data.
the verifier verifies exactly the size that the source claims, not
the size rounded up to 8 bytes by kernel, an OOB happens when the
source has only 4 bytes while the copy size(4) is rounded up to 8.
Added Reference

                  
                
              
https://git.kernel.org/stable/c/576afddfee8d1108ee299bf10f581593540d1a36
Added Reference

                  
                
              
https://git.kernel.org/stable/c/6086079e6d1c32ba4c4b422612b8aebb1129a96c
Added Reference

                  
                
              
https://git.kernel.org/stable/c/634a793d0e1c822412095d25a1338f8831ad894c
Added Reference

                  
                
              
https://git.kernel.org/stable/c/e0378419b0e20178b5d100b27c9cc7e51064202e
Added Reference

                  
                
              
https://git.kernel.org/stable/c/e19c5ed9f1922a6854073f8651a63fa7be26e9e9
Added Affected

                  
                
              
[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["kernel/bpf/hashtab.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"d3bec0138bfbe58606fc1d6f57a4cdc1a20218db","lessThan":"e19c5ed9f1922a6854073f8651a63fa7be26e9e9","versionType":"git","status":"affected"},{"version":"d3bec0138bfbe58606fc1d6f57a4cdc1a20218db","lessThan":"e0378419b0e20178b5d100b27c9cc7e51064202e","versionType":"git","status":"affected"},{"version":"d3bec0138bfbe58606fc1d6f57a4cdc1a20218db","lessThan":"6086079e6d1c32ba4c4b422612b8aebb1129a96c","versionType":"git","status":"affected"},{"version":"d3bec0138bfbe58606fc1d6f57a4cdc1a20218db","lessThan":"634a793d0e1c822412095d25a1338f8831ad894c","versionType":"git","status":"affected"},{"version":"d3bec0138bfbe58606fc1d6f57a4cdc1a20218db","lessThan":"576afddfee8d1108ee299bf10f581593540d1a36","versionType":"git","status":"affected"},{"version":"c602ad2b52dcbca5af08e5137bd5575c039b52e3","versionType":"git","status":"affected"},{"version":"ab68b940dd6f7b5f8e2557937162dcb8a0583a05","versionType":"git","status":"affected"},{"version":"5.4.78","lessThan":"5.5","versionType":"semver","status":"affected"},{"version":"5.9.9","lessThan":"5.10","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["kernel/bpf/hashtab.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.10","status":"affected"},{"version":"0","lessThan":"5.10","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]