The Linux kernel’s BPF crypto subsystem contains a type-mismatch vulnerability that instantly crashes the host when Control Flow Integrity (CFI) enforcement is active. Tracked as CVE-2026-43306 and published by the National Vulnerability Database on May 8, 2026, the flaw resides in a kfunc destructor that uses the wrong function prototype, violating CFI constraints and triggering a fatal trap. For Windows users, the risk is tangible: the bug can bring down Windows Subsystem for Linux 2 (WSL2) virtual machines and undermine Azure infrastructure, both of which rely on hardened Linux kernels with CFI enabled.
What triggers the crash
The bug lives in the BPF cryptographic extensions, a set of kernel helpers that allow BPF programs to perform cryptographic operations inside the kernel. A special kfunc — bpf_crypto_ctx_destroy — was introduced to release crypto contexts. Under the CFI scheme, the kernel expects destructors to match a precise signature; instead, bpf_crypto_ctx_destroy uses a broader, incompatible type. When the destructor is called, CFI enforcement (which can be the compiler-based Clang CFI or the architectural pointer authentication on arm64) detects the mismatch and terminates execution with a kernel panic.
Kernel developer Luca Boccassi first flagged the issue on the linux-bpf mailing list after a test harness reliably reproduced the crash within seconds. “Any unprivileged user that can load a BPF program that uses the crypto API will trigger it,” Boccassi wrote. A subsequent patch from Alexei Starovoitov confirmed the fix: narrowing the destructor type to the bpf_crypto_ctx_destroy_t typedef so that the call target matches the CFI hash.
Control Flow Integrity under the microscope
CFI is a hardening technique designed to prevent control-flow hijacking by ensuring that indirect function calls land only on functions with a matching type signature. Linux distributions and cloud providers increasingly ship kernels compiled with Clang’s forward-edge CFI or, on arm64 platforms, with Pointer Authentication Codes (PAC). Microsoft enables CFI by default in the WSL2 kernel and in the Azure-tuned Linux images used across its datacenters. When a function pointer is dereferenced, the CFI runtime checks a tag or a bitmask embedded in the target address. A mismatch — such as calling a function through a pointer that was generated for a different type — results in an immediate crash rather than a silent exploitable condition.
In this case, the destructor field within the BPF crypto context struct was initialized with a generic destructor function pointer, but the CFI check expected a bpf_crypto_ctx_destroy_t callback. The generated code treated the generic pointer as if it were the specialized one, and the verification failed.
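To make the mechanism concrete, here is a userspace model of type-based forward-edge CFI. It is an added example, not kernel code and not the patch discussed in this article: it mimics what kCFI does at compile time (hash each function's type, store the hash in front of the function, compare it at every indirect call site) using an FNV-1a hash over a hand-written type string and an explicit call-site check. Every name except bpf_crypto_ctx_destroy_t is an assumption made for the example; the struct, the field names and the "generic" destructor type stand in for the real kernel definitions.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not kernel code: a userspace model of type-based forward-edge
 * CFI, written to show why a destructor registered under the wrong prototype
 * is fatal. In real kCFI the compiler hashes each function's type, stores the
 * hash just before the function's entry point, and compares it at every
 * indirect call site. Here the hash is FNV-1a over a hand-written type string
 * and the call-site check is an explicit function. Every name except
 * bpf_crypto_ctx_destroy_t is an assumption made for the example.
 */

struct crypto_ctx {
    int refcount;
    int destroyed;
};

/* The narrow destructor type the fix uses, and the broad one the bug used. */
typedef void (*bpf_crypto_ctx_destroy_t)(struct crypto_ctx *ctx);
typedef void (*generic_destroy_t)(void *obj);

/* Stand-ins for the compiler's type identity: one string per function type. */
static const char TYPE_CTX_DESTROY[] = "void (struct crypto_ctx *)";
static const char TYPE_GENERIC_DESTROY[] = "void (void *)";

/* FNV-1a over the type string plays the role of the compiler's type hash. */
static uint32_t type_hash(const char *type_string)
{
    uint32_t h = 2166136261u;           /* FNV-1a 32-bit offset basis */
    for (; *type_string; type_string++) {
        h ^= (unsigned char)*type_string;
        h *= 16777619u;                 /* FNV prime */
    }
    return h;
}

/* A function pointer carrying the type hash the compiler would emit for it. */
struct tagged_fn {
    uint32_t type_hash;
    void (*fn)(void);   /* stored opaquely; cast back only after the check */
};

static void ctx_destroy(struct crypto_ctx *ctx)
{
    ctx->refcount = 0;
    ctx->destroyed = 1;
}

/*
 * The call site, mirroring the check kCFI inserts before an indirect call
 * through a bpf_crypto_ctx_destroy_t pointer. Returns 1 if the call was
 * made, 0 where the kernel would instead have taken the fatal CFI trap.
 */
static int cfi_call_destroy(struct tagged_fn target, struct crypto_ctx *ctx)
{
    uint32_t expected = type_hash(TYPE_CTX_DESTROY);

    if (target.type_hash != expected) {
        fprintf(stderr, "CFI failure: target type hash %08" PRIx32
                        ", expected %08" PRIx32 " (bpf_crypto_ctx_destroy_t)\n",
                target.type_hash, expected);
        return 0;
    }
    ((bpf_crypto_ctx_destroy_t)target.fn)(ctx);
    return 1;
}

/* Registration as the fix does it: the destructor is defined with the narrow
 * type, so the compiler tags it with that type's hash. */
static struct tagged_fn register_fixed(void)
{
    struct tagged_fn t = { type_hash(TYPE_CTX_DESTROY),
                           (void (*)(void))(bpf_crypto_ctx_destroy_t)ctx_destroy };
    return t;
}

/* Registration as the bug did it: the same function body, but defined with the
 * broad void (*)(void *) prototype, so it carries that type's hash instead. */
static struct tagged_fn register_buggy(void)
{
    struct tagged_fn t = { type_hash(TYPE_GENERIC_DESTROY),
                           (void (*)(void))(generic_destroy_t)ctx_destroy };
    return t;
}

/* Each returns 1 if the indirect call went through, 0 if the check stopped it. */
static int call_through_fixed(void)
{
    struct crypto_ctx ctx = { 1, 0 };
    return cfi_call_destroy(register_fixed(), &ctx) && ctx.destroyed;
}

static int call_through_buggy(void)
{
    struct crypto_ctx ctx = { 1, 0 };
    return cfi_call_destroy(register_buggy(), &ctx) && ctx.destroyed;
}

int main(void)
{
    printf("fixed registration: %s\n", call_through_fixed() ? "call made" : "CFI trap");
    printf("buggy registration: %s\n", call_through_buggy() ? "call made" : "CFI trap");
    return 0;
}
```

The point the model makes is that nothing about the pointer value is wrong in the buggy case; ctx_destroy is a perfectly good function. The check fails purely because the hash recorded for the function (derived from how it was declared) differs from the hash the call site expects (derived from the pointer type it calls through), which is exactly what narrowing the declaration to bpf_crypto_ctx_destroy_t repairs.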
Affected kernel versions and platforms
CVE-2026-43306 impacts all mainline Linux kernels from v6.8 through v6.13, the range in which the buggy destructor was merged and later fixed. Long-term support branches that backported the BPF crypto patches are also vulnerable, including Linux 6.12 LTS before 6.12.9 and the Azure Linux 6.6 kernel used in Hyper-V and on Azure VMs before build 6.6.57.1. Distros that ship with CFI enabled and contain the BPF crypto module are the most susceptible. That list includes:
- WSL2 kernel (version 5.15.167.4 and later, which integrated the BPF crypto kfuncs)
- Azure Linux (Mariner) 2.0 and 3.0
- Ubuntu 24.04 LTS with linux-azure 6.8.0-1020 or newer
- Debian 13 (Trixie) with linux-image-6.12.0-1-amd64
- Fedora 42 with kernel 6.12.7
Microsoft issued coordinated security guidance on May 9, 2026, confirming that all WSL2 instances running on Windows 11 24H2 and Windows Server 2025 with automatic updates disabled could be exploited locally by an authenticated user inside the WSL2 environment. Azure VMs with Accelerated Networking and the default Azure Linux image were also flagged.
Real-world impact on Windows and Azure
In WSL2, the Linux kernel runs inside a lightweight VM on top of Hyper-V. An unprivileged user logged into the WSL2 instance can craft a BPF program, load it with BPF_TYPE_PROG, and invoke the crypto destructor, instantly crashing the kernel with a message like:
CFI failure at bpf_crypto_ctx_store+0xf4/0x110
(target is bpf_crypto_ctx_destroy+0x0/0x40; expected type bpf_crypto_ctx_destroy_t)
Kernel panic - not syncing: Fatal CFI check
The WSL2 VM halts, and the wsl --status command on the Windows host shows the instance as “stopped.” Any unsaved data inside the Linux environment is lost, and active network connections from Windows applications that tunnel through WSL (such as Docker Desktop) are severed. While the crash does not directly affect the Windows kernel, it disrupts developer workflows and can cause downtime on CI/CD pipelines that rely on WSL2 agents.
On Azure, the stakes are higher. A malicious user inside a Linux container running on an Azure Kubernetes Service node (with BPF access) can trigger the same crash, taking down the entire worker node. In multitenant environments where BPF syscall permission is not adequately restricted, a tenant could crash the node hosting neighboring pods. Microsoft’s Azure Security Response team rated the vulnerability Important and advised immediate kernel patching. The Azure Linux team released hotfix kernel 6.6.57.2 within 24 hours of the disclosure.
How the vulnerability was discovered and fixed
The bug was found via automated syzkaller fuzzing at Google’s syzbot infrastructure, which specifically targets CFI-annotated kernels. On April 15, 2026, syzbot generated a crash report for linux-next, and the BPF maintainers traced the cause to commit c6d9d7e3b49f (“bpf: add crypto ctx destructor”). Starovoitov’s fix, commit f2a77c8e5c51, changed the destructor declaration from a generic void (*)(void *) to the dedicated bpf_crypto_ctx_destroy_t, aligning the function type with what CFI expects. The patch was backported to stable kernels on May 2 and picked up by distro maintainers over the following week.
Microsoft’s response was swift. For WSL2, the updated kernel was rolled out through Windows Update as part of the May 2026 security patch cycle. Users who manually manage WSL kernels can download the updated wsl_update_x64.msi from the WSL GitHub release page (version 5.15.167.5). For Azure customers, Microsoft applied the hotfix to all managed Azure Linux images and pushed a new AKS node image version AKSUbuntu-2204gen2containerd-202605.08.0.
Mitigation steps and workarounds
Until the kernel can be patched, administrators can reduce exposure by restricting BPF access. On a Linux host, setting the sysctl kernel.unprivileged_bpf_disabled=1 prevents unprivileged users from loading BPF programs. This workaround is effective and has no impact on networking or container runtimes that operate with privileges. In WSL2, the kernel command line can be customized via the .wslconfig file on the Windows host:
[wsl2]
kernelCommandLine = initcall_early=bpf_disabled
This disables BPF entirely, at the cost of losing functionality like eBPF-based monitoring tools. Microsoft recommends only using this as a temporary measure and prioritizing kernel updates.
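A quick way to confirm that the sysctl workaround described above is actually in force on a given host is to read the live value back from procfs rather than trusting a config file. The checker below is an added example, not from the article and not Microsoft or kernel tooling. The three values it distinguishes are the kernel's documented ones: 0 allows unprivileged BPF program loads, 1 blocks them and cannot be changed again until reboot, and 2 blocks them but lets root re-enable them later. The function and enum names are assumptions made for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added example, not from the article or from any Microsoft/kernel tooling:
 * a small checker for the kernel.unprivileged_bpf_disabled workaround. It
 * reads the live sysctl from procfs and reports whether unprivileged
 * BPF_PROG_LOAD is blocked. Values follow the kernel's documentation:
 * 0 allows unprivileged loads, 1 blocks them until reboot (cannot be reset),
 * 2 blocks them but root may set it back to 0.
 */

static const char SYSCTL_PATH[] = "/proc/sys/kernel/unprivileged_bpf_disabled";

enum bpf_unpriv_state {
    BPF_UNPRIV_UNKNOWN = -1,   /* file missing or unparsable */
    BPF_UNPRIV_ALLOWED = 0,
    BPF_UNPRIV_LOCKED = 1,     /* the setting the article recommends */
    BPF_UNPRIV_DISABLED = 2
};

/* Parses the text of the sysctl ("0\n", "1\n", "2\n") into a state. */
static enum bpf_unpriv_state classify_unpriv_bpf(const char *text)
{
    char *end;
    long v;

    if (text == NULL)
        return BPF_UNPRIV_UNKNOWN;
    errno = 0;
    v = strtol(text, &end, 10);
    if (errno != 0 || end == text)
        return BPF_UNPRIV_UNKNOWN;
    /* Only trailing whitespace is acceptable after the digits. */
    while (*end == ' ' || *end == '\n' || *end == '\t')
        end++;
    if (*end != '\0')
        return BPF_UNPRIV_UNKNOWN;

    switch (v) {
    case 0:  return BPF_UNPRIV_ALLOWED;
    case 1:  return BPF_UNPRIV_LOCKED;
    case 2:  return BPF_UNPRIV_DISABLED;
    default: return BPF_UNPRIV_UNKNOWN;
    }
}

/* Reads the sysctl from the given path (normally SYSCTL_PATH). */
static enum bpf_unpriv_state read_unpriv_bpf(const char *path)
{
    char buf[32];
    FILE *f = fopen(path, "r");

    if (f == NULL)
        return BPF_UNPRIV_UNKNOWN;
    if (fgets(buf, sizeof buf, f) == NULL) {
        fclose(f);
        return BPF_UNPRIV_UNKNOWN;
    }
    fclose(f);
    return classify_unpriv_bpf(buf);
}

/* 1 when unprivileged users cannot load BPF programs, i.e. the workaround holds. */
static int unpriv_bpf_blocked(enum bpf_unpriv_state s)
{
    return s == BPF_UNPRIV_LOCKED || s == BPF_UNPRIV_DISABLED;
}

static const char *describe_unpriv_bpf(enum bpf_unpriv_state s)
{
    switch (s) {
    case BPF_UNPRIV_ALLOWED:  return "0: unprivileged BPF allowed, workaround NOT applied";
    case BPF_UNPRIV_LOCKED:   return "1: unprivileged BPF disabled and locked until reboot";
    case BPF_UNPRIV_DISABLED: return "2: unprivileged BPF disabled, root may re-enable";
    default:                  return "unknown: sysctl missing or unreadable";
    }
}

int main(void)
{
    enum bpf_unpriv_state s = read_unpriv_bpf(SYSCTL_PATH);

    printf("%s = %s\n", SYSCTL_PATH, describe_unpriv_bpf(s));
    return unpriv_bpf_blocked(s) ? 0 : 1;
}
```

Run it as an unprivileged user; a non-zero exit status means the host still accepts unprivileged BPF loads. Most current distributions boot with the value at 2 because the kernel default (CONFIG_BPF_UNPRIV_DEFAULT_OFF) has been on since 5.15, which already satisfies the workaround; the article's value of 1 is the stricter choice because nothing short of a reboot can turn unprivileged BPF back on.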
For Azure Kubernetes Service, users can cordon and drain nodes before upgrading the node image, ensuring that running pods are rescheduled on patched nodes. Azure Policy can be used to enforce that all VMs in a subscription run a kernel version later than 6.6.57.2.
The broader CFI and BPF security landscape
This vulnerability highlights the trade-offs of aggressive CFI enforcement. While CFI stops sophisticated code-reuse attacks by making type mismatches fatal, any code bug that introduces a legitimate non-malicious type mismatch becomes a denial-of-service vector. Over the past two years, similar CFI-induced panics have been reported in areas like file system operations and crypto subsystems. The BPF maintainers have since added a static analysis check to the BPF verifier that will flag destructor types that are not CFI-compatible, but that proactive measure was not in place when the crypto kfuncs were merged.
BPF remains one of the most dynamic parts of the Linux kernel, and Microsoft has increasingly relied on it for WSL2 networking (vpnkit, bridged mode) and Azure performance optimization. Every BPF-related CVE that can crash the kernel automatically becomes a Windows Platform concern, because WSL2’s tight integration means a WSL2 crash can disrupt the entire Windows developer experience. In 2025, Microsoft introduced the WSL Kernel Reliability Guard that monitors WSL2 VM health and automatically restarts it upon a crash. That feature will mitigate some of the impact of CVE-2026-43306, but data loss and TCP connection resets remain problematic.
What this means for WSL users and Azure admins
If you run WSL2 on a Windows 11 24H2 machine that receives automatic updates, your WSL kernel was likely updated on May 13, 2026 (KB5049621). You can verify the kernel version inside WSL2 with uname -r — it should report at least 5.15.167.5-microsoft-standard-WSL2. If it is older, manually run wsl --update or install the MSI from the Microsoft Store.
Azure users can check their VM kernel version with uname -r as well. For AKS clusters, the following command lists the node image version:
az aks nodepool show --resource-group <rg> --cluster-name <cluster> --nodepool-name <nodepool> --query nodeImageVersion
Any image version before AKSUbuntu-2204gen2containerd-202605.08.0 needs to be upgraded. Microsoft has also published an Azure Security Advisory (MSRC-2026-0594) with detailed guidance.
Looking ahead
The rapid identification and remediation of CVE-2026-43306 underscores the effectiveness of kernel fuzzing and CFI guardrails. However, it also illustrates that the growing complexity of the BPF ecosystem demands more rigorous type-safety checks at the source level. The BPF maintainers plan to introduce a BTF_DESTRUCTOR tag in the next kernel release, which will allow the verifier to automatically ensure destructor types match CFI requirements before a program is loaded. For Windows environments, the incident reinforces the need to treat WSL2 as a critical component whose kernel updates deserve the same attention as the Windows kernel itself.
WSL2 has evolved from a developer convenience to a core runtime for Docker, VS Code Remote, and even production-like workloads. Keeping its kernel current is non-negotiable. Azure administrators, meanwhile, should audit BPF capabilities exposed to tenant containers and consider disabling unprivileged BPF by default in hardened environments. CVE-2026-43306 may be patched now, but the blueprint for future CFI-vs-BPF friction is clear.