CVE-2026-43010
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability in the Linux kernel's BPF subsystem allowed attaching sleepable kprobe.multi programs to atomic/RCU contexts. The bpf_kprobe_multi_link_attach() function lacked validation of the sleepable flag, enabling sleepable helpers like bpf_copy_from_user() to be called from non-sleepable context, causing a kernel splat.
Risk Assessment
The organization risks system crashes (kernel panic) or unpredictable kernel behavior when executing BPF programs, potentially leading to service disruption or data loss.
Recommendation
Immediately update the Linux kernel to a version containing the fix that rejects sleepable kprobe.multi programs at attach time. Check your distribution for the patch and apply it as part of your vulnerability management process.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject sleepable kprobe_multi programs at attach time kprobe.multi programs run in atomic/RCU context and cannot sleep. However, bpf_kprobe_multi_link_attach() did not validate whether the program being attached had the sleepable flag set, allowing sleepable helpers such as bpf_copy_from_user() to be invoked from a non-sleepable context. This causes a "sleeping function called from invalid context" splat: BUG: sleeping function called from invalid context at ./include/linux/uaccess.h:169 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1787, name: sudo preempt_count: 1, expected: 0 RCU nest depth: 2, expected: 0 Fix this by rejecting sleepable programs early in bpf_kprobe_multi_link_attach(), before any further processing.

