In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix NULL deref in mapkptrmatch_type for scalar regs
Commit ab6c637ad027 ("bpf: Fix a bpfkptrxchg() issue with local kptr") refactored mapkptrmatchtype() to branch on btfiskernel() before checking basetype(). A scalar register stored into a kptr slot has no btf, so the btfiskernel(reg->btf) call dereferences NULL.
Move the basetype() != PTRTOBTFID guard before any reg->btf access.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53032.json"
}