cve 2026 43010

CVE-2026-43010 is a Linux kernel eBPF vulnerability affecting kprobe.multi attachment handling, where sleepable BPF programs could be accepted in atomic or RCU context, potentially causing a kernel availability failure. Published by NVD on May 1, 2026, this bug is not a remote code execution issue but a kernel boundary mistake that matters in modern Linux and Windows-adjacent infrastructure. It sits at the intersection of observability, security tooling, container platforms, WSL, and the growing reliance on eBPF as a privileged instrumentation layer. The key takeaway is that when BPF becomes infrastructure, BPF correctness becomes availability engineering.