Bug 2492384 (CVE-2026-53099)

Summary: CVE-2026-53099 kernel: bpf: Switch CONFIG_CFI_CLANG to CONFIG_CFI
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel. The issue arises from an incorrect configuration option for Control-Flow Integrity (CFI), a security mechanism designed to prevent certain types of attacks. Due to a naming change, the CFI code was not properly compiled, leading to its intended protections not being active. This could allow attackers to bypass security safeguards that CFI is meant to provide.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-06-24 18:09:07 UTC
In the Linux kernel, the following vulnerability has been resolved:

bpf: Switch CONFIG_CFI_CLANG to CONFIG_CFI

This was renamed in commit 23ef9d439769 ("kcfi: Rename CONFIG_CFI_CLANG
to CONFIG_CFI") as it is now a compiler-agnostic option. Using the wrong
name results in the code getting compiled out. Meaning the CFI failures
for btf_dtor_kfunc_t would still trigger.

Comment 1 Mauro Matteo Cascella 2026-06-24 19:27:28 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026062411-CVE-2026-53099-5d79@gregkh/T