What is GHSA-q637-vrq8-p3jv?

GHSA-q637-vrq8-p3jv is a security advisory published by GitHub Security Advisories with Medium severity. In the Linux kernel, the following vulnerability has been resolved: bpf: crypto: Use the correct...

Which CVE IDs does GHSA-q637-vrq8-p3jv cover?

GHSA-q637-vrq8-p3jv covers the following CVE IDs: CVE-2026-43306. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-q637-vrq8-p3jv?

GHSA-q637-vrq8-p3jv has a CVSS v3 base score of 5.5, published by GitHub Security Advisories.

GHSA-q637-vrq8-p3jvMediumCVSS 5.5

In the Linux kernel, the following vulnerability has been resolved: bpf: crypto: Use the correct...

Vendor

GitHub Security Advisories

Published

May 8, 2026

Last Modified

May 15, 2026

🔗 CVE IDs covered (1)

CVE-2026-43306 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved: bpf: crypto: Use the correct destructor kfunc type With CONFIG_CFI enabled, the kernel strictly enforces that indirect function calls use a function pointer type that matches the target function. I ran into the following type mismatch when running BPF self-tests: CFI failure at bpf_obj_free_fields+0x190/0x238 (target: bpf_crypto_ctx_release+0x0/0x94; expected type: 0xa488ebfc) Internal error: Oops - CFI: 00000000f2008228 [#1] SMP ... As bpf_crypto_ctx_release() is also used in BPF programs and using a void pointer as the argument would make the verifier unhappy, add a simple stub function with the correct type and register it as the destructor kfunc instead.

🔗 CVE IDs covered (1)

📋 Description

🔗 References (6)