CVE-2026-45839

medium Red Hat
EPSS Score
0.0%
Exploitation probability in 30 days
Top 96% most likely to be exploited
Published: May 27, 2026 (44 days ago)
Last Modified: May 27, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in the Linux kernel's BPF (Berkeley Packet Filter) CO-RE (Compile Once - Run Everywhere) accessor parsing. A local attacker with CAP_BPF capabilities could craft a malicious BPF program that uses negative CO-RE accessor indices. This input validation vulnerability allows for an out-of-bounds read, leading to a kernel crash and a denial of service.

CWE

CWE-125

Affected Products

Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9

References