Linux Kernel BPF Signal Handling Vulnerability in Non-Preemptible Contexts

Vulnerability

A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) implementation allows for improper signal handling in non-preemptible contexts. When a BPF program running in such a context calls the bpf_send_signal() kfunc, it can lead to issues because this function is designed to sleep. The vulnerability arises from the BPF program's ability to execute in various contexts, including non-preemptible ones.

Impact

Exploitation of this vulnerability can disrupt the intended asynchronous signal handling in BPF programs, potentially leading to unexpected behavior or system instability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel BPF Signal Handling Vulnerability in Non-Preemptible Contexts

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating