{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-53076","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-06-09T07:44:35.383Z","datePublished":"2026-06-24T16:30:17.092Z","dateUpdated":"2026-06-28T06:39:01.404Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-06-28T06:39:01.404Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix OOB in pcpu_init_value\n\nAn out-of-bounds read occurs when copying element from a\nBPF_MAP_TYPE_CGROUP_STORAGE map to another pcpu map with the\nsame value_size that is not rounded up to 8 bytes.\n\nThe issue happens when:\n1. A CGROUP_STORAGE map is created with value_size not aligned to\n   8 bytes (e.g., 4 bytes)\n2. A pcpu map is created with the same value_size (e.g., 4 bytes)\n3. Update element in 2 with data in 1\n\npcpu_init_value assumes that all sources are rounded up to 8 bytes,\nand invokes copy_map_value_long to make a data copy, However, the\nassumption doesn't stand since there are some cases where the source\nmay not be rounded up to 8 bytes, e.g., CGROUP_STORAGE, skb->data.\nthe verifier verifies exactly the size that the source claims, not\nthe size rounded up to 8 bytes by kernel, an OOB happens when the\nsource has only 4 bytes while the copy size(4) is rounded up to 8."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH"}}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/bpf/hashtab.c"],"versions":[{"version":"d3bec0138bfbe58606fc1d6f57a4cdc1a20218db","lessThan":"e19c5ed9f1922a6854073f8651a63fa7be26e9e9","status":"affected","versionType":"git"},{"version":"d3bec0138bfbe58606fc1d6f57a4cdc1a20218db","lessThan":"e0378419b0e20178b5d100b27c9cc7e51064202e","status":"affected","versionType":"git"},{"version":"d3bec0138bfbe58606fc1d6f57a4cdc1a20218db","lessThan":"6086079e6d1c32ba4c4b422612b8aebb1129a96c","status":"affected","versionType":"git"},{"version":"d3bec0138bfbe58606fc1d6f57a4cdc1a20218db","lessThan":"634a793d0e1c822412095d25a1338f8831ad894c","status":"affected","versionType":"git"},{"version":"d3bec0138bfbe58606fc1d6f57a4cdc1a20218db","lessThan":"576afddfee8d1108ee299bf10f581593540d1a36","status":"affected","versionType":"git"},{"version":"c602ad2b52dcbca5af08e5137bd5575c039b52e3","status":"affected","versionType":"git"},{"version":"ab68b940dd6f7b5f8e2557937162dcb8a0583a05","status":"affected","versionType":"git"},{"version":"5.4.78","lessThan":"5.5","status":"affected","versionType":"semver"},{"version":"5.9.9","lessThan":"5.10","status":"affected","versionType":"semver"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/bpf/hashtab.c"],"versions":[{"version":"5.10","status":"affected"},{"version":"0","lessThan":"5.10","status":"unaffected","versionType":"semver"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"6.6.141"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"6.12.91"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"6.18.33"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"7.0.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"7.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.78"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/e19c5ed9f1922a6854073f8651a63fa7be26e9e9"},{"url":"https://git.kernel.org/stable/c/e0378419b0e20178b5d100b27c9cc7e51064202e"},{"url":"https://git.kernel.org/stable/c/6086079e6d1c32ba4c4b422612b8aebb1129a96c"},{"url":"https://git.kernel.org/stable/c/634a793d0e1c822412095d25a1338f8831ad894c"},{"url":"https://git.kernel.org/stable/c/576afddfee8d1108ee299bf10f581593540d1a36"}],"title":"bpf: Fix OOB in pcpu_init_value","x_generator":{"engine":"bippy-1.2.0"}}}}