What is GHSA-mx29-fw97-m6gr?

GHSA-mx29-fw97-m6gr is a security advisory published by GitHub Security Advisories with unknown severity. In the Linux kernel, the following vulnerability has been resolved: bpf: Require frozen map for...

Which CVE IDs does GHSA-mx29-fw97-m6gr cover?

GHSA-mx29-fw97-m6gr covers the following CVE IDs: CVE-2026-45927. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

GHSA-mx29-fw97-m6grunknown

In the Linux kernel, the following vulnerability has been resolved: bpf: Require frozen map for...

Vendor

GitHub Security Advisories

Published

May 27, 2026

Last Modified

May 27, 2026

🔗 CVE IDs covered (1)

CVE-2026-45927 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Require frozen map for calculating map hash

Currently, bpf_map_get_info_by_fd calculates and caches the hash of the map regardless of the map's frozen state.

This leads to a TOCTOU bug where userspace can call BPF_OBJ_GET_INFO_BY_FD to cache the hash and then modify the map contents before freezing.

Therefore, a trusted loader can be tricked into verifying the stale hash while loading the modified contents.

Fix this by returning -EPERM if the map is not frozen when the hash is requested. This ensures the hash is only generated for the final, immutable state of the map.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-45927
https://git.kernel.org/stable/c/7752d36343862323bbeea4ce3adf0ec2ed86e122
https://git.kernel.org/stable/c/a2c86aa621c22f2a7e26c654f936d65cfff0aa91
https://git.kernel.org/stable/c/f415e114b58fe02c41191e47f24bdabb438daf72
https://github.com/advisories/GHSA-mx29-fw97-m6gr