bpf: fix end-of-list detection in cgroup_storage_get_next_key()

Summary

CVE	CVE-2026-45838
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-05-27 11:16:23 UTC
Updated	2026-06-01 17:17:11 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: bpf: fix end-of-list detection in cgroup_storage_get_next_key() list_next_entry() never returns NULL -- when the current element is the last entry it wraps to the list head via container_of(). The subsequent NULL check is therefore dead code and get_next_key() never returns -ENOENT for the last element, instead reading storage->key from a bogus pointer that aliases internal map fields and copying the result to userspace. Replace it with list_entry_is_head() so the function correctly returns -ENOENT when there are no more entries.

Risk And Classification

EPSS: 0.000320000 probability, percentile 0.097530000 (date 2026-06-02)

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected de9cbbaadba5adf88a19e46df61f7054000838f6 0f3d9dd5e1fd52b39e25328307c6a694e994ffe3 git	Not specified
CNA	Linux	Linux	affected de9cbbaadba5adf88a19e46df61f7054000838f6 26d3339e465e54107bd85884341d1609c5300d6a git	Not specified
CNA	Linux	Linux	affected de9cbbaadba5adf88a19e46df61f7054000838f6 2c88b2d96e1d4d0c7c4589a4593d4cdee6d332d6 git	Not specified
CNA	Linux	Linux	affected de9cbbaadba5adf88a19e46df61f7054000838f6 b4b5a20bed82130da2f2818f04d52378952fbd0b git	Not specified
CNA	Linux	Linux	affected de9cbbaadba5adf88a19e46df61f7054000838f6 85a2f30e40f7468db732f55659bc6318874f49af git	Not specified
CNA	Linux	Linux	affected de9cbbaadba5adf88a19e46df61f7054000838f6 32ce55d424395904986f5066f8755f6cb9993377 git	Not specified
CNA	Linux	Linux	affected de9cbbaadba5adf88a19e46df61f7054000838f6 fc39753b7f92e09177777e9c648afe5aa3abb81f git	Not specified
CNA	Linux	Linux	affected de9cbbaadba5adf88a19e46df61f7054000838f6 5828b9e5b272ecff7cf5d345128d3de7324117f7 git	Not specified
CNA	Linux	Linux	affected 4.19	Not specified
CNA	Linux	Linux	unaffected 4.19 semver	Not specified
CNA	Linux	Linux	unaffected 5.10.258 5.10.* semver	Not specified
CNA	Linux	Linux	unaffected 5.15.209 5.15.* semver	Not specified
CNA	Linux	Linux	unaffected 6.1.175 6.1.* semver	Not specified
CNA	Linux	Linux	unaffected 6.6.141 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.12.91 6.12.* semver	Not specified
CNA	Linux	Linux	unaffected 6.18.33 6.18.* semver	Not specified
CNA	Linux	Linux	unaffected 7.0.10 7.0.* semver	Not specified
CNA	Linux	Linux	unaffected 7.1-rc1 * original_commit_for_fix	Not specified

References

Reference	Source	Link	Tags
git.kernel.org/stable/c/b4b5a20bed82130da2f2818f04d52378952fbd0b	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/2c88b2d96e1d4d0c7c4589a4593d4cdee6d332d6	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/26d3339e465e54107bd85884341d1609c5300d6a	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/32ce55d424395904986f5066f8755f6cb9993377	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/fc39753b7f92e09177777e9c648afe5aa3abb81f	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/0f3d9dd5e1fd52b39e25328307c6a694e994ffe3	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/85a2f30e40f7468db732f55659bc6318874f49af	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/5828b9e5b272ecff7cf5d345128d3de7324117f7	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.