CVE-2026-43333 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: bpf: reject direct access to nullable PTR_TO_BUF pointers check_mem_access() matches PTR_TO_BUF via base_type() which strips PTR_MAYBE_NULL, allowing direct dereference without a null check. Map iterator ctx->key and ctx->value are PTR_TO_BUF | PTR_MAYBE_NULL. On stop callbacks these are NULL, causing a kernel NULL dereference. Add a type_may_be_null() guard to the PTR_TO_BUF branch, matching the existing PTR_TO_BTF_ID pattern.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux	Linux Kernel

References

Link	Providers
https://git.kernel.org/stable/c/10bc4a4dcded509c5d5c67d497900c3922c604cd
https://git.kernel.org/stable/c/21a10c06ffae24cb01fd174a7ab7736001d2ea56
https://git.kernel.org/stable/c/4f6c99dc0420f1a3d671c1b8ab8a7ac84d9cba09
https://git.kernel.org/stable/c/63276547debc4d8a73eefb2c5273b2a905c961b0
https://git.kernel.org/stable/c/70abd9d118da2f56beb4ec22e3a29becae373535
https://git.kernel.org/stable/c/8755066f7bd0f4ac46a29d1708c7b20894539252
https://git.kernel.org/stable/c/b0db1accbc7395657c2b79db59fa9fae0d6656f3

History

Fri, 08 May 2026 19:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476

Fri, 08 May 2026 14:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: bpf: reject direct access to nullable PTR_TO_BUF pointers check_mem_access() matches PTR_TO_BUF via base_type() which strips PTR_MAYBE_NULL, allowing direct dereference without a null check. Map iterator ctx->key and ctx->value are PTR_TO_BUF \| PTR_MAYBE_NULL. On stop callbacks these are NULL, causing a kernel NULL dereference. Add a type_may_be_null() guard to the PTR_TO_BUF branch, matching the existing PTR_TO_BTF_ID pattern.
Title		bpf: reject direct access to nullable PTR_TO_BUF pointers
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/10bc4a4dcded509c5d5c67d497900c3922c604cd https://git.kernel.org/stable/c/21a10c06ffae24cb01fd174a7ab7736001d2ea56 https://git.kernel.org/stable/c/4f6c99dc0420f1a3d671c1b8ab8a7ac84d9cba09 https://git.kernel.org/stable/c/63276547debc4d8a73eefb2c5273b2a905c961b0 https://git.kernel.org/stable/c/70abd9d118da2f56beb4ec22e3a29becae373535 https://git.kernel.org/stable/c/8755066f7bd0f4ac46a29d1708c7b20894539252 https://git.kernel.org/stable/c/b0db1accbc7395657c2b79db59fa9fae0d6656f3

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T13:31:20.107Z

Updated: 2026-05-08T13:31:20.107Z

Reserved: 2026-05-01T14:12:56.002Z

Link: CVE-2026-43333

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T14:16:43.003

Modified: 2026-05-08T14:16:43.003

Link: CVE-2026-43333

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T21:30:05Z

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object