CVE-2026-43333 · threatengine.sh

Home/CVE/In the Linux kernel, the following vulnerability has been resolved: bpf: reject direct access to nullable PTR_TO_BUF po

CVE

CVE-2026-43333

In the Linux kernel, the following vulnerability has been resolved: bpf: reject direct access to nullable PTR_TO_BUF po

In the Linux kernel, the following vulnerability has been resolved: bpf: reject direct access to nullable PTR_TO_BUF pointers check_mem_access() matches PTR_TO_BUF via base_type() which strips PTR_MAYBE_NULL, allowing direct dereference without a null check. Map iterator ctx-key and ctx-value are PTR_TO_BUF | PTR_MAYBE_NULL. On stop callbacks these are NULL, causing a kernel NULL dereference.

Add a type_may_be_null() guard to the PTR_TO_BUF branch, matching the existing PTR_TO_BTF_ID pattern.

MEDIUM · CVSS 5.5 EPSS 0.00013

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-476NULL Pointer Dereference

▤

Affected Products & Versions

7

linux kernel>= 5.15.37 and < 5.15.203
linux kernel>= 5.16.11 and < 6.1.168
linux kernel>= 6.2 and < 6.6.134
linux kernel>= 6.7 and < 6.12.81
linux kernel>= 6.13 and < 6.18.22
linux kernel>= 6.19 and < 6.19.12
linux kernelall versions

▣

Scoring & Timeline

5.5

MEDIUM · CVSS v3.1 · 416baaa9-dc9f-4396-8d5f-8c081fb06d67

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD08 May 2026 · 02:16 PM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

🔗

References & Sources

7

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://git.kernel.org/stable/c/10bc4a4dcded509c5d5c67d497900c3922c604cdPatch

https://git.kernel.org/stable/c/21a10c06ffae24cb01fd174a7ab7736001d2ea56Patch

https://git.kernel.org/stable/c/4f6c99dc0420f1a3d671c1b8ab8a7ac84d9cba09Patch

https://git.kernel.org/stable/c/63276547debc4d8a73eefb2c5273b2a905c961b0Patch

https://git.kernel.org/stable/c/70abd9d118da2f56beb4ec22e3a29becae373535Patch

https://git.kernel.org/stable/c/8755066f7bd0f4ac46a29d1708c7b20894539252Patch

Show all 7 references

https://git.kernel.org/stable/c/b0db1accbc7395657c2b79db59fa9fae0d6656f3Patch

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin