CVE-2026-53099
UnknownSummary
A vulnerability in the Linux kernel related to the incorrect use of the CONFIG_CFI_CLANG option, which has been renamed to CONFIG_CFI, has been resolved. Using the wrong name can lead to the code being compiled out, resulting in CFI failures for btf_dtor_kfunc_t.
Risk Assessment
Organizations may be exposed to attacks exploiting CFI errors, potentially leading to unauthorized access or execution of malicious code. Incorrect configuration of the option may weaken system security.
Recommendation
It is recommended to update the Linux kernel to the latest version to ensure proper use of the CONFIG_CFI option. Additionally, verify the system configuration to avoid compilation errors related to CFI.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: bpf: Switch CONFIG_CFI_CLANG to CONFIG_CFI This was renamed in commit 23ef9d439769 ("kcfi: Rename CONFIG_CFI_CLANG to CONFIG_CFI") as it is now a compiler-agnostic option. Using the wrong name results in the code getting compiled out. Meaning the CFI failures for btf_dtor_kfunc_t would still trigger.

