CVE-2026-43306

Source
https://cve.org/CVERecord?id=CVE-2026-43306
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43306.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-43306
Downstream
Published
2026-05-08T13:11:25.624Z
Modified
2026-07-15T01:49:22.178103035Z
Summary
bpf: crypto: Use the correct destructor kfunc type
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: crypto: Use the correct destructor kfunc type

With CONFIG_CFI enabled, the kernel strictly enforces that indirect function calls use a function pointer type that matches the target function. I ran into the following type mismatch when running BPF self-tests:

CFI failure at bpfobjfreefields+0x190/0x238 (target: bpfcryptoctxrelease+0x0/0x94; expected type: 0xa488ebfc) Internal error: Oops - CFI: 00000000f2008228 [#1] SMP ...

As bpfcryptoctx_release() is also used in BPF programs and using a void pointer as the argument would make the verifier unhappy, add a simple stub function with the correct type and register it as the destructor kfunc instead.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43306.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3e1c6f35409f9e447bf37f64840f5b65576bfb78
Fixed
4e3e57dbf46dad3498f8c4219ce2dba756875962
Fixed
50d6fd69388cc7b05dce72f09080674dcede4ac9
Fixed
3979a550fe06b370d73647f59cf462fa525c9ec4
Fixed
b40a5d724f29fc2eed23ff353808a9aae616b48a

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43306.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.10.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.16
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43306.json"