What is CVE-2026-45886?

CVE-2026-45886 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.18 onward and patched in 6.1.165, 6.6.128, 6.12.75 and others. CVE-2026-45886 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-45886?

CVE-2026-45886 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2026-45886?

Yes, CVE-2026-45886 has been patched. Fixed versions include 6.1.165, 6.6.128, 6.12.75 and others. If you are running Linux kernel 5.18 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2026-45886 actively exploited?

CVE-2026-45886 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-45886

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_xdp_store_bytes proto for read-only arg While making some maps in Cilium read-only from the BPF side, we noticed that the bpf_xdp_store_bytes proto is incorrect. In particular, the verifier was throwing the following error: ; ret = ctx_store_bytes(ctx, l3_off + offsetof(struct iphdr, saddr), &nat->address, 4, 0); 635: (79) r1 = *(u64 *)(r10 -144) ; R1=ctx() R10=fp0 fp-144=ctx() 636: (b4) w2 = 26 ; R2=26 637: (b4) w4 = 4 ; R4=4 638: (b4) w5 = 0 ; R5=0 639: (85) call bpf_xdp_store_bytes#190 write into map forbidden, value_size=6 off=0 size=4 nat comes from a BPF_F_RDONLY_PROG map, so R3 is a PTR_TO_MAP_VALUE. The verifier checks the helper's memory access to R3 in check_mem_size_reg, as it reaches ARG_CONST_SIZE argument. The third argument has expected type ARG_PTR_TO_UNINIT_MEM, which includes the MEM_WRITE flag. The verifier thus checks for a BPF_WRITE access on R3. Given R3 points to a read-only map, the check fails. Conversely, ARG_PTR_TO_UNINIT_MEM can also lead to the helper reading from uninitialized memory. This patch simply fixes the expected argument type to match that of bpf_skb_store_bytes.

Package Linux Kernel

Published 2026-05-27

Last modified 2026-05-27

Patch available

Yes

Affected versions

Linux kernel versions 5.18 and later are affected. Fixed in 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, 7.0 and their respective stable series.

Affected from

≥ 5.18

Fixed in

✓ 6.1.165 6.1.x ✓ 6.6.128 6.6.x ✓ 6.12.75 6.12.x ✓ 6.18.14 6.18.x ✓ 6.19.4 6.19.x ✓ 7.0

References

The following references provide additional information about CVE-2026-45886 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/0db169a91381a473b7974021d1c02f8da72c5775
Patch
Kernel patch commit
https://git.kernel.org/stable/c/57f7f6a0ad04a65c8a7a067b2f56cbbf2aec9e52
Patch
Kernel patch commit
https://git.kernel.org/stable/c/6557f1565d779851c4db9c488c49c05a47a6e72f
Patch

6 patch commits total View all on NVD

Frequently asked questions

What is CVE-2026-45886?

CVE-2026-45886 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.18 onward and has been patched in 6.1.165, 6.6.128, 6.12.75 and others. CVE-2026-45886 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2026-45886?

Yes — CVE-2026-45886 has been patched. Fixed versions include 6.1.165, 6.6.128, 6.12.75 and others. If you are running Linux kernel 5.18 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2026-45886 actively exploited?

No — CVE-2026-45886 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.