{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-43306","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-01T14:12:56.000Z","datePublished":"2026-05-08T13:11:25.624Z","dateUpdated":"2026-05-11T22:22:00.468Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:22:00.468Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: crypto: Use the correct destructor kfunc type\n\nWith CONFIG_CFI enabled, the kernel strictly enforces that indirect\nfunction calls use a function pointer type that matches the target\nfunction. I ran into the following type mismatch when running BPF\nself-tests:\n\n  CFI failure at bpf_obj_free_fields+0x190/0x238 (target:\n    bpf_crypto_ctx_release+0x0/0x94; expected type: 0xa488ebfc)\n  Internal error: Oops - CFI: 00000000f2008228 [#1]  SMP\n  ...\n\nAs bpf_crypto_ctx_release() is also used in BPF programs and using\na void pointer as the argument would make the verifier unhappy, add\na simple stub function with the correct type and register it as the\ndestructor kfunc instead."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/bpf/crypto.c"],"versions":[{"version":"3e1c6f35409f9e447bf37f64840f5b65576bfb78","lessThan":"4e3e57dbf46dad3498f8c4219ce2dba756875962","status":"affected","versionType":"git"},{"version":"3e1c6f35409f9e447bf37f64840f5b65576bfb78","lessThan":"50d6fd69388cc7b05dce72f09080674dcede4ac9","status":"affected","versionType":"git"},{"version":"3e1c6f35409f9e447bf37f64840f5b65576bfb78","lessThan":"3979a550fe06b370d73647f59cf462fa525c9ec4","status":"affected","versionType":"git"},{"version":"3e1c6f35409f9e447bf37f64840f5b65576bfb78","lessThan":"b40a5d724f29fc2eed23ff353808a9aae616b48a","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/bpf/crypto.c"],"versions":[{"version":"6.10","status":"affected"},{"version":"0","lessThan":"6.10","status":"unaffected","versionType":"semver"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.16","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.6","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.12.75"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.18.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.19.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4e3e57dbf46dad3498f8c4219ce2dba756875962"},{"url":"https://git.kernel.org/stable/c/50d6fd69388cc7b05dce72f09080674dcede4ac9"},{"url":"https://git.kernel.org/stable/c/3979a550fe06b370d73647f59cf462fa525c9ec4"},{"url":"https://git.kernel.org/stable/c/b40a5d724f29fc2eed23ff353808a9aae616b48a"}],"title":"bpf: crypto: Use the correct destructor kfunc type","x_generator":{"engine":"bippy-1.2.0"}}}}