In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix abuse of kprobewritectx via freplace
uprobe programs are allowed to modify struct pt_regs.
Since the actual program type of uprobe is KPROBE, it can be abused to modify struct pt_regs via kprobe+freplace when the kprobe attaches to kernel functions.
For example,
SEC("?kprobe") int kprobe(struct pt_regs *regs) { return 0; }
SEC("?freplace") int freplacekprobe(struct ptregs *regs) { regs->di = 0; return 0; }
freplace_kprobe prog will attach to kprobe prog. kprobe prog will attach to a kernel function.
Without this patch, when the kernel function runs, its first arg will always be set as 0 via the freplace_kprobe prog.
To fix the abuse of kprobewritectx=true via kprobe+freplace, disallow attaching freplace programs on kprobe programs with different kprobewritectx values.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53095.json",
"cna_assigner": "Linux"
}