{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-53099", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.384Z", "datePublished": "2026-06-24T16:30:36.549Z", "dateUpdated": "2026-06-24T16:30:36.549Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-24T16:30:36.549Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Switch CONFIG_CFI_CLANG to CONFIG_CFI\n\nThis was renamed in commit 23ef9d439769 (\"kcfi: Rename CONFIG_CFI_CLANG\nto CONFIG_CFI\") as it is now a compiler-agnostic option. Using the wrong\nname results in the code getting compiled out. Meaning the CFI failures\nfor btf_dtor_kfunc_t would still trigger."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/bpf/btf.c"], "versions": [{"version": "99fde4d0626176d03cea35c64a063df73816e64d", "lessThan": "f74fce43dbc059e059b5346a670f697c0e97b1d0", "status": "affected", "versionType": "git"}, {"version": "99fde4d0626176d03cea35c64a063df73816e64d", "lessThan": "9b0cf064ea0a6bac5e1a5fb43b004fd52fbe2b3b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/bpf/btf.c"], "versions": [{"version": "7.0", "status": "affected"}, {"version": "0", "lessThan": "7.0", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.10", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0", "versionEndExcluding": "7.0.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/f74fce43dbc059e059b5346a670f697c0e97b1d0"}, {"url": "https://git.kernel.org/stable/c/9b0cf064ea0a6bac5e1a5fb43b004fd52fbe2b3b"}], "title": "bpf: Switch CONFIG_CFI_CLANG to CONFIG_CFI", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{}

{"bugzilla": {"description": "kernel: bpf: Switch CONFIG_CFI_CLANG to CONFIG_CFI", "id": "2492384", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492384"}, "csaw": false, "cwe": "CWE-358", "details": ["A flaw was found in the Linux kernel. The issue arises from an incorrect configuration option for Control-Flow Integrity (CFI), a security mechanism designed to prevent certain types of attacks. Due to a naming change, the CFI code was not properly compiled, leading to its intended protections not being active. This could allow attackers to bypass security safeguards that CFI is meant to provide."], "name": "CVE-2026-53099", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-53099\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-53099\nhttps://lore.kernel.org/linux-cve-announce/2026062411-CVE-2026-53099-5d79@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[99fde4d0626176d03cea35c64a063df73816e64d,f74fce43dbc059e059b5346a670f697c0e97b1d0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[99fde4d0626176d03cea35c64a063df73816e64d,9b0cf064ea0a6bac5e1a5fb43b004fd52fbe2b3b)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[7.0,7.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0.10,7.1.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.1,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-06-24T20:00:10.389414+00:00", "updated": "2026-06-25T13:30:15.851247+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-358", "CWE-640", "CWE-704"]}