CVE-2026-45838
- Source
- https://cve.org/CVERecord?id=CVE-2026-45838
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45838.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-45838
- Downstream
- Related
- Published
- 2026-05-27T09:24:36.561Z
- Modified
- 2026-06-05T18:29:34.999573080Z
- Summary
- bpf: fix end-of-list detection in cgroup_storage_get_next_key()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bpf: fix end-of-list detection in cgroupstoragegetnextkey()
listnextentry() never returns NULL -- when the current element is the last entry it wraps to the list head via containerof(). The subsequent NULL check is therefore dead code and getnext_key() never returns -ENOENT for the last element, instead reading storage->key from a bogus pointer that aliases internal map fields and copying the result to userspace.
Replace it with listentryis_head() so the function correctly returns -ENOENT when there are no more entries.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45838.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/0f3d9dd5e1fd52b39e25328307c6a694e994ffe3
- https://git.kernel.org/stable/c/26d3339e465e54107bd85884341d1609c5300d6a
- https://git.kernel.org/stable/c/2c88b2d96e1d4d0c7c4589a4593d4cdee6d332d6
- https://git.kernel.org/stable/c/32ce55d424395904986f5066f8755f6cb9993377
- https://git.kernel.org/stable/c/5828b9e5b272ecff7cf5d345128d3de7324117f7
- https://git.kernel.org/stable/c/85a2f30e40f7468db732f55659bc6318874f49af
- https://git.kernel.org/stable/c/b4b5a20bed82130da2f2818f04d52378952fbd0b
- https://git.kernel.org/stable/c/fc39753b7f92e09177777e9c648afe5aa3abb81f
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45838.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-45838
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedde9cbbaadba5adf88a19e46df61f7054000838f6Fixed0f3d9dd5e1fd52b39e25328307c6a694e994ffe3Fixed26d3339e465e54107bd85884341d1609c5300d6aFixed2c88b2d96e1d4d0c7c4589a4593d4cdee6d332d6Fixedb4b5a20bed82130da2f2818f04d52378952fbd0bFixed85a2f30e40f7468db732f55659bc6318874f49afFixed32ce55d424395904986f5066f8755f6cb9993377Fixedfc39753b7f92e09177777e9c648afe5aa3abb81fFixed5828b9e5b272ecff7cf5d345128d3de7324117f7
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.19.0Fixed5.10.258
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.209
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.175
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.141
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.91
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.18.33
- Type
- ECOSYSTEM
- Events
-
Introduced6.19.0Fixed7.0.10