CVE-2026-45927

Source
https://cve.org/CVERecord?id=CVE-2026-45927
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45927.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-45927
Downstream
Published
2026-05-27T12:17:46.284Z
Modified
2026-07-15T01:49:06.811572371Z
Summary
bpf: Require frozen map for calculating map hash
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Require frozen map for calculating map hash

Currently, bpfmapgetinfoby_fd calculates and caches the hash of the map regardless of the map's frozen state.

This leads to a TOCTOU bug where userspace can call BPFOBJGETINFOBY_FD to cache the hash and then modify the map contents before freezing.

Therefore, a trusted loader can be tricked into verifying the stale hash while loading the modified contents.

Fix this by returning -EPERM if the map is not frozen when the hash is requested. This ensures the hash is only generated for the final, immutable state of the map.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45927.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ea2e6467ac36bf3d785defc89e58269b15d182f7
Fixed
7752d36343862323bbeea4ce3adf0ec2ed86e122
Fixed
f415e114b58fe02c41191e47f24bdabb438daf72
Fixed
a2c86aa621c22f2a7e26c654f936d65cfff0aa91

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45927.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.18.0
Fixed
6.18.14
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45927.json"