{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-45838", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.077Z", "datePublished": "2026-05-27T09:24:36.561Z", "dateUpdated": "2026-06-01T16:16:20.101Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-01T16:16:20.101Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix end-of-list detection in cgroup_storage_get_next_key()\n\nlist_next_entry() never returns NULL -- when the current element is the\nlast entry it wraps to the list head via container_of(). The subsequent\nNULL check is therefore dead code and get_next_key() never returns\n-ENOENT for the last element, instead reading storage->key from a bogus\npointer that aliases internal map fields and copying the result to\nuserspace.\n\nReplace it with list_entry_is_head() so the function correctly returns\n-ENOENT when there are no more entries."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/bpf/local_storage.c"], "versions": [{"version": "de9cbbaadba5adf88a19e46df61f7054000838f6", "lessThan": "0f3d9dd5e1fd52b39e25328307c6a694e994ffe3", "status": "affected", "versionType": "git"}, {"version": "de9cbbaadba5adf88a19e46df61f7054000838f6", "lessThan": "26d3339e465e54107bd85884341d1609c5300d6a", "status": "affected", "versionType": "git"}, {"version": "de9cbbaadba5adf88a19e46df61f7054000838f6", "lessThan": "2c88b2d96e1d4d0c7c4589a4593d4cdee6d332d6", "status": "affected", "versionType": "git"}, {"version": "de9cbbaadba5adf88a19e46df61f7054000838f6", "lessThan": "b4b5a20bed82130da2f2818f04d52378952fbd0b", "status": "affected", "versionType": "git"}, {"version": "de9cbbaadba5adf88a19e46df61f7054000838f6", "lessThan": "85a2f30e40f7468db732f55659bc6318874f49af", "status": "affected", "versionType": "git"}, {"version": "de9cbbaadba5adf88a19e46df61f7054000838f6", "lessThan": "32ce55d424395904986f5066f8755f6cb9993377", "status": "affected", "versionType": "git"}, {"version": "de9cbbaadba5adf88a19e46df61f7054000838f6", "lessThan": "fc39753b7f92e09177777e9c648afe5aa3abb81f", "status": "affected", "versionType": "git"}, {"version": "de9cbbaadba5adf88a19e46df61f7054000838f6", "lessThan": "5828b9e5b272ecff7cf5d345128d3de7324117f7", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/bpf/local_storage.c"], "versions": [{"version": "4.19", "status": "affected"}, {"version": "0", "lessThan": "4.19", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.258", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.209", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.175", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.141", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.91", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.33", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.10", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "5.10.258"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "5.15.209"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.1.175"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.6.141"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.12.91"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.18.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "7.0.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "7.1-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0f3d9dd5e1fd52b39e25328307c6a694e994ffe3"}, {"url": "https://git.kernel.org/stable/c/26d3339e465e54107bd85884341d1609c5300d6a"}, {"url": "https://git.kernel.org/stable/c/2c88b2d96e1d4d0c7c4589a4593d4cdee6d332d6"}, {"url": "https://git.kernel.org/stable/c/b4b5a20bed82130da2f2818f04d52378952fbd0b"}, {"url": "https://git.kernel.org/stable/c/85a2f30e40f7468db732f55659bc6318874f49af"}, {"url": "https://git.kernel.org/stable/c/32ce55d424395904986f5066f8755f6cb9993377"}, {"url": "https://git.kernel.org/stable/c/fc39753b7f92e09177777e9c648afe5aa3abb81f"}, {"url": "https://git.kernel.org/stable/c/5828b9e5b272ecff7cf5d345128d3de7324117f7"}], "title": "bpf: fix end-of-list detection in cgroup_storage_get_next_key()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix end-of-list detection in cgroup_storage_get_next_key()\n\nlist_next_entry() never returns NULL -- when the current element is the\nlast entry it wraps to the list head via container_of(). The subsequent\nNULL check is therefore dead code and get_next_key() never returns\n-ENOENT for the last element, instead reading storage->key from a bogus\npointer that aliases internal map fields and copying the result to\nuserspace.\n\nReplace it with list_entry_is_head() so the function correctly returns\n-ENOENT when there are no more entries."}], "id": "CVE-2026-45838", "lastModified": "2026-06-01T17:17:11.967", "metrics": {}, "published": "2026-05-27T11:16:23.130", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0f3d9dd5e1fd52b39e25328307c6a694e994ffe3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/26d3339e465e54107bd85884341d1609c5300d6a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2c88b2d96e1d4d0c7c4589a4593d4cdee6d332d6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/32ce55d424395904986f5066f8755f6cb9993377"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5828b9e5b272ecff7cf5d345128d3de7324117f7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/85a2f30e40f7468db732f55659bc6318874f49af"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b4b5a20bed82130da2f2818f04d52378952fbd0b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fc39753b7f92e09177777e9c648afe5aa3abb81f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: bpf: fix end-of-list detection in cgroup_storage_get_next_key()", "id": "2481870", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481870"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["A flaw was found in the Linux kernel. Specifically, within the Berkeley Packet Filter (BPF) component, an error in the `cgroup_storage_get_next_key()` function's end-of-list detection mechanism can cause the system to read from an invalid memory location. This incorrect handling may lead to internal map fields being copied to userspace, resulting in information disclosure."], "name": "CVE-2026-45838", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-45838\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-45838\nhttps://lore.kernel.org/linux-cve-announce/2026052711-CVE-2026-45838-9c3b@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[de9cbbaadba5adf88a19e46df61f7054000838f6,b4b5a20bed82130da2f2818f04d52378952fbd0b)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[de9cbbaadba5adf88a19e46df61f7054000838f6,85a2f30e40f7468db732f55659bc6318874f49af)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[de9cbbaadba5adf88a19e46df61f7054000838f6,32ce55d424395904986f5066f8755f6cb9993377)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[de9cbbaadba5adf88a19e46df61f7054000838f6,fc39753b7f92e09177777e9c648afe5aa3abb81f)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[de9cbbaadba5adf88a19e46df61f7054000838f6,5828b9e5b272ecff7cf5d345128d3de7324117f7)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.19"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,4.19)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.141,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.91,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.33,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0.10,7.1.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.1-rc1,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-05-27T11:45:15.405261+00:00", "updated": "2026-05-28T06:30:10.757194+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}