Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-43333— bpf: reject direct access to nullable PTR_TO_BUF pointers

AI Predicted 5.6 Difficulty: Hard EPSS 0.12% · P2

Affected Version Matrix 19

VendorProductVersion RangeStatus
LinuxLinuxb453361384c2db1c703dacb806d5fd36aec4ceca< 10bc4a4dcded509c5d5c67d497900c3922c604cdaffected
20b2aff4bc15bda809f994761d5719827d66c0b4< 21a10c06ffae24cb01fd174a7ab7736001d2ea56affected
20b2aff4bc15bda809f994761d5719827d66c0b4< 8755066f7bd0f4ac46a29d1708c7b20894539252affected
20b2aff4bc15bda809f994761d5719827d66c0b4< 70abd9d118da2f56beb4ec22e3a29becae373535affected
20b2aff4bc15bda809f994761d5719827d66c0b4< 63276547debc4d8a73eefb2c5273b2a905c961b0affected
20b2aff4bc15bda809f994761d5719827d66c0b4< 4f6c99dc0420f1a3d671c1b8ab8a7ac84d9cba09affected
20b2aff4bc15bda809f994761d5719827d66c0b4< b0db1accbc7395657c2b79db59fa9fae0d6656f3affected
e982070f8970bb62e69ed7c9cafff886ed200349affected
… +11 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-43333

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
bpf: reject direct access to nullable PTR_TO_BUF pointers
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: bpf: reject direct access to nullable PTR_TO_BUF pointers check_mem_access() matches PTR_TO_BUF via base_type() which strips PTR_MAYBE_NULL, allowing direct dereference without a null check. Map iterator ctx->key and ctx->value are PTR_TO_BUF | PTR_MAYBE_NULL. On stop callbacks these are NULL, causing a kernel NULL dereference. Add a type_may_be_null() guard to the PTR_TO_BUF branch, matching the existing PTR_TO_BTF_ID pattern.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于BPF中check_mem_access函数通过base_type匹配PTR_TO_BUF指针时未检查PTR_MAYBE_NULL标志,允许直接解引用空指针,导致内核空指针解引用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux b453361384c2db1c703dacb806d5fd36aec4ceca ~ 10bc4a4dcded509c5d5c67d497900c3922c604cd -
LinuxLinux 5.17 -

II. Public POCs for CVE-2026-43333

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-43333

登录查看更多情报信息。

Patches & Fixes for CVE-2026-43333 (7)

Same Patch Batch · Linux · 2026-05-08 · 197 CVEs total

CVE-2026-434029.8 CRITICALkthread: consolidate kthread exit paths to prevent use-after-free
CVE-2026-433849.8 CRITICALnet/tcp-ao: Fix MAC comparison to be constant-time
CVE-2026-434149.8 CRITICALscsi: qla2xxx: Completely fix fcport double free
CVE-2026-433049.8 CRITICALlibceph: define and enforce CEPH_MAX_KEY_LEN
CVE-2026-433419.8 CRITICALnet/ipv6: ioam6: prevent schema length wraparound in trace fill
CVE-2026-433769.8 CRITICALksmbd: fix use-after-free by using call_rcu() for oplock_info
CVE-2026-433789.8 CRITICALsmb: server: fix use-after-free in smb2_open()
CVE-2026-433799.8 CRITICALksmbd: fix use-after-free in smb_lazy_parent_lease_break_close()
CVE-2026-434659.8 CRITICALnet/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ
CVE-2026-433839.4 CRITICALnet/tcp-md5: Fix MAC comparison to be constant-time
CVE-2026-434079.1 CRITICALlibceph: Fix potential out-of-bounds access in ceph_handle_auth_reply()
CVE-2026-434069.1 CRITICALlibceph: prevent potential out-of-bounds reads in process_message_header()
CVE-2026-432848.8 HIGHxfrm: esp: avoid in-place decrypt on shared skb frags
CVE-2026-434038.8 HIGHnsfs: tighten permission checks for ns iteration ioctls
CVE-2026-433348.8 HIGHBluetooth: SMP: force responder MITM requirements before building the pairing response
CVE-2026-433228.8 HIGHBluetooth: hci_sync: Fix UAF in le_read_features_complete
CVE-2026-433918.8 HIGHnsfs: tighten permission checks for handle opening
CVE-2026-432918.3 HIGHnet: nfc: nci: Fix parameter validation for packet data
CVE-2026-433658.2 HIGHxfs: fix undersized l_iclog_roundoff values
CVE-2026-434528.2 HIGHnetfilter: x_tables: guard option walkers against 1-byte tail reads

Showing top 20 of 197 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2026-43333

No comments yet


Leave a comment