PatchSiren cyber security CVE debrief
CVE-2026-45971 Linux CVE debrief
A vulnerability in the Linux kernel's BPF subsystem allowed excessive BPF program signature sizes to trigger expensive allocation paths. The fix limits signature sizes to prevent abuse via kmalloc_large or vmalloc.
- Vendor: Linux
- Product: Unknown
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-27
- Original CVE updated: 2026-05-27
- Advisory published: 2026-05-27
- Advisory updated: 2026-05-27
Who should care
Linux system administrators, kernel maintainers, security teams operating eBPF-based observability or security tooling, and organizations with custom BPF program loading workflows
Technical summary
The Linux kernel's BPF subsystem did not enforce a practical upper bound on the size of a BPF program signature. Because that size is supplied by the process loading the program, a caller able to reach the program-load path could pass an oversized value and force the kernel through its expensive large-allocation paths (kmalloc_large or vmalloc) rather than a slab cache, causing memory pressure, resource exhaustion, or performance degradation; the impact is denial of service, not code execution. The fix caps signature sizes at a value well below KMALLOC_MAX_CACHE_SIZE, in line with the dimensions of real signatures, so caller-controlled sizes can no longer drive the large-allocation mechanisms.
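The following userspace C model is an added illustration of the pattern described above; it is not the kernel's code, the affected function, or the actual fix, and every name and constant in it (MODEL_KMALLOC_MAX_CACHE_SIZE, MODEL_MAX_SIG_LEN, load_sig_unchecked, load_sig_checked) is a hypothetical stand-in. It shows a caller-controlled length flowing straight into a size-dispatching allocator, and the hardened form that rejects the length before any allocation happens.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Model of the size check described in the summary. Constants are assumed
 * for illustration; the real KMALLOC_MAX_CACHE_SIZE depends on architecture
 * and kernel configuration, and the real cap lives in the kernel fix.
 */
#define MODEL_KMALLOC_MAX_CACHE_SIZE (8u * 1024u) /* assumed slab-cache ceiling */
#define MODEL_MAX_SIG_LEN 1024u                    /* assumed practical signature cap */

enum alloc_path { ALLOC_NONE = 0, ALLOC_SLAB = 1, ALLOC_LARGE = 2 };

/* Dispatch the way a size-based allocator does: small requests are served
 * from a slab cache, larger ones fall through to a page-granular path
 * (kmalloc_large/vmalloc-like) that is far more expensive to service. */
static enum alloc_path choose_path(size_t len)
{
    return len <= MODEL_KMALLOC_MAX_CACHE_SIZE ? ALLOC_SLAB : ALLOC_LARGE;
}

struct load_result {
    int err;                /* 0 on success, negative errno otherwise */
    enum alloc_path path;   /* which allocator the request reached */
    size_t bytes_requested; /* bytes handed to the allocator, 0 if rejected early */
};

/* Vulnerable shape: the caller-controlled length goes straight to the allocator.
 * sig may be NULL in this model to demonstrate the cost of the size alone. */
struct load_result load_sig_unchecked(const uint8_t *sig, size_t sig_len)
{
    struct load_result r = { 0, ALLOC_NONE, 0 };
    uint8_t *copy;

    r.path = choose_path(sig_len);
    r.bytes_requested = sig_len;
    copy = malloc(sig_len ? sig_len : 1); /* stands in for kmalloc/vmalloc */
    if (!copy) {
        r.err = -ENOMEM;
        return r;
    }
    if (sig)
        memcpy(copy, sig, sig_len);
    free(copy);
    return r;
}

/* Hardened shape: bound the length before any allocation, so the large
 * allocation path is unreachable from a caller-supplied size. The errno
 * value is the model's choice, not necessarily the kernel's. */
struct load_result load_sig_checked(const uint8_t *sig, size_t sig_len)
{
    struct load_result r = { 0, ALLOC_NONE, 0 };

    if (sig_len > MODEL_MAX_SIG_LEN) {
        r.err = -EINVAL;
        return r;
    }
    return load_sig_unchecked(sig, sig_len);
}

static const char *path_name(enum alloc_path p)
{
    return p == ALLOC_SLAB ? "slab" : p == ALLOC_LARGE ? "large" : "none";
}

int main(void)
{
    uint8_t sig[64] = { 0 };          /* constructed placeholder signature */
    size_t hostile_len = 1u << 20;    /* constructed oversized length */
    struct load_result a = load_sig_unchecked(NULL, hostile_len);
    struct load_result b = load_sig_checked(NULL, hostile_len);
    struct load_result c = load_sig_checked(sig, sizeof sig);

    printf("unchecked, %zu bytes: err=%d path=%s requested=%zu\n",
           hostile_len, a.err, path_name(a.path), a.bytes_requested);
    printf("checked,   %zu bytes: err=%d path=%s requested=%zu\n",
           hostile_len, b.err, path_name(b.path), b.bytes_requested);
    printf("checked,   %zu bytes: err=%d path=%s requested=%zu\n",
           sizeof sig, c.err, path_name(c.path), c.bytes_requested);
    return 0;
}
```

The point of the model is where the check sits: before the allocator is consulted, not after. A check placed after a failed or slow allocation still lets the caller pay the kernel's large-allocation cost on every attempt.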
Defensive priority
medium
Recommended defensive actions
- Apply the stable-branch kernel updates that carry the fix as soon as they are available for your distribution
- Monitor for BPF-related resource exhaustion anomalies, such as unexplained memory pressure or latency spikes that coincide with BPF program-load activity
- Review who can load BPF programs at all (the unprivileged_bpf_disabled sysctl and which processes hold CAP_BPF or CAP_SYS_ADMIN), since the issue is only reachable by a caller that can load programs, and audit the signature sizes your tooling actually uses
Evidence notes
CVE published 2026-05-27. Kernel commit references indicate stable branch fixes. No CVSS score assigned by NVD at time of disclosure.
Official resources
- CVE-2026-45971 CVE record (CVE.org)
- CVE-2026-45971 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67