In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix linked reg delta tracking when srcreg == dstreg
Consider the case of rX += rX where srcreg and dstreg are pointers to the same bpfregstate in adjustregminmaxvals(). The latter first modifies the dstreg in-place, and later in the delta tracking, the subsequent isregconst(srcreg)/regconstvalue(src_reg) reads the post-{add,sub} value instead of the original source.
This is problematic since it sets an incorrect delta, which synclinkedregs() then propagates to linked registers, thus creating a verifier-vs-runtime mismatch. Fix it by just skipping this corner case.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53092.json"
}