In the Linux kernel, the following vulnerability has been resolved:
bpf: Require frozen map for calculating map hash
Currently, bpfmapgetinfoby_fd calculates and caches the hash of the map regardless of the map's frozen state.
This leads to a TOCTOU bug where userspace can call BPFOBJGETINFOBY_FD to cache the hash and then modify the map contents before freezing.
Therefore, a trusted loader can be tricked into verifying the stale hash while loading the modified contents.
Fix this by returning -EPERM if the map is not frozen when the hash is requested. This ensures the hash is only generated for the final, immutable state of the map.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45927.json"
}