CVE-2026-23383
Description
In the Linux kernel, the following vulnerability has been resolved:
bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing
struct bpf_plt contains a u64 target field. Currently, the BPF JIT allocator requests an alignment of 4 bytes (sizeof(u32)) for the JIT buffer.
Because the base address of the JIT buffer can be 4-byte aligned (e.g., ending in 0x4 or 0xc), the relative padding logic in build_plt() fails to ensure that target lands on an 8-byte boundary.
This leads to two issues: 1. UBSAN reports misaligned-access warnings when dereferencing the structure. 2. More critically, target is updated concurrently via WRITE_ONCE() in bpf_arch_text_poke() while the JIT'd code executes ldr. On arm64, 64-bit loads/stores are only guaranteed to be single-copy atomic if they are 64-bit aligned. A misaligned target risks a torn read, causing the JIT to jump to a corrupted address.
Fix this by increasing the allocation alignment requirement to 8 bytes (sizeof(u64)) in bpf_jit_binary_pack_alloc(). This anchors the base of the JIT buffer to an 8-byte boundary, allowing the relative padding math in build_plt() to correctly align the target field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
38cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.0.1,<6.12.77
- cpe:2.3:o:linux:linux_kernel:6.0:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
- osv-coords29 versionspkg:linux/kernelpkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2016.0pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.1
>= 6.0.0, < 6.12.77+ 28 more
- (no CPE)range: >= 6.0.0, < 6.12.77
- (no CPE)range: < 6.12.0-160000.28.1
- (no CPE)range: < 6.12.0-160000.28.1
- (no CPE)range: < 6.12.0-160000.28.1
- (no CPE)range: < 6.12.0-160000.27.1.160000.2.8
- (no CPE)range: < 6.12.0-160000.28.1
- (no CPE)range: < 6.12.0-160000.28.1
- (no CPE)range: < 6.12.0-160000.28.1
- (no CPE)range: < 6.12.0-160000.28.1
- (no CPE)range: < 6.12.0-160000.28.1
- (no CPE)range: < 6.12.0-160000.28.1
- (no CPE)range: < 6.12.0-160000.28.1
- (no CPE)range: < 6.12.0-160000.28.1
- (no CPE)range: < 6.12.0-160000.28.1
- (no CPE)range: < 6.12.0-160000.28.1
- (no CPE)range: < 6.4.0-41.1.21.18
- (no CPE)range: < 6.4.0-41.1.21.18
- (no CPE)range: < 6.12.0-160000.27.1.160000.2.8
- (no CPE)range: < 6.4.0-41.1
- (no CPE)range: < 6.4.0-41.1
- (no CPE)range: < 6.12.0-160000.28.1
- (no CPE)range: < 6.4.0-41.1
- (no CPE)range: < 6.4.0-41.1
- (no CPE)range: < 6.4.0-41.1
- (no CPE)range: < 6.12.0-160000.28.1
- (no CPE)range: < 6.4.0-41.1
- (no CPE)range: < 6.4.0-41.1
- (no CPE)range: < 6.12.0-160000.28.1
- (no CPE)range: < 6.4.0-41.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.