CVE-2026-23309

MEDIUM · CVSS 3.1: 5.5 · EPSS 2.4%
Published Mar 25, 2026 (3mo ago) · Last Modified Jun 17, 2026 (2w ago)

Description

In the Linux kernel, the following vulnerability has been resolved:

tracing: Add NULL pointer check to trigger_data_free()

If trigger_data_alloc() fails and returns NULL, event_hist_trigger_parse() jumps to the out_free error path. While kfree() safely handles a NULL pointer, trigger_data_free() does not. This causes a NULL pointer dereference in trigger_data_free() when evaluating data->cmd_ops->set_filter.

Fix the problem by adding a NULL pointer check to trigger_data_free().

The problem was found by an experimental code review agent based on gemini-3.1-pro while reviewing backports into v6.18.y.
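
The error path described above, reduced to a userspace C model (an added example, not the kernel's code or the patch itself). The struct layouts, `parse_model()`, `clear_filter()` and the `fail_alloc` switch are assumptions for illustration; `malloc()`/`free()` stand in for the kernel allocator.

```c
/* Userspace model, not kernel source: struct layouts and fail_alloc are assumed. */
#include <errno.h>
#include <stdlib.h>

struct trigger_data;
struct cmd_ops { void (*set_filter)(struct trigger_data *data); };
struct trigger_data { const struct cmd_ops *cmd_ops; };
static int filters_cleared; /* counts set_filter() teardown calls */
static void clear_filter(struct trigger_data *data) { (void)data; filters_cleared++; }
static const struct cmd_ops hist_ops = { .set_filter = clear_filter };

/* Stand-in for trigger_data_alloc(): returns NULL when fail_alloc is set. */
static struct trigger_data *trigger_data_alloc(int fail_alloc)
{
    struct trigger_data *data = fail_alloc ? NULL : malloc(sizeof(*data));
    if (data)
        data->cmd_ops = &hist_ops;
    return data;
}

/* Before the fix: reads data->cmd_ops unconditionally, so NULL faults here. */
static void trigger_data_free_unpatched(struct trigger_data *data)
{
    if (data->cmd_ops->set_filter)
        data->cmd_ops->set_filter(data);
    free(data);
}

/* After the fix: a NULL argument is a no-op, as it is for kfree(). */
static void trigger_data_free_patched(struct trigger_data *data)
{
    if (!data)
        return; /* the added NULL pointer check */
    trigger_data_free_unpatched(data);
}

/* Models the out_free path of event_hist_trigger_parse() with a chosen free routine. */
static int parse_model(int fail_alloc, void (*free_fn)(struct trigger_data *))
{
    struct trigger_data *data = trigger_data_alloc(fail_alloc);
    int ret = data ? 0 : -ENOMEM;
    free_fn(data); /* out_free: data is NULL when the allocation failed */
    return ret;
}

int main(void)
{
    return parse_model(1, trigger_data_free_patched) == -ENOMEM ? 0 : 1;
}
```

With the patched routine, the allocation failure surfaces to the caller as `-ENOMEM` instead of a fault in the cleanup code.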

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 7

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥6.1.165 – <6.1.167
linux   linux_kernel  *        ≥6.6.128 – <6.6.130
linux   linux_kernel  *        ≥6.12.75 – <6.12.77
linux   linux_kernel  *        ≥6.18.14 – <6.18.17
linux   linux_kernel  *        ≥6.19.4 – <6.19.7
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/13dcd9269e225e4c4ceabdaeebe2ce4661b54c6e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2ce8ece5a78da67834db7728edc801889a64f643
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/42b380f97d65e76e7b310facd525f730272daf57
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/457965c13f0837a289c9164b842d0860133f6274
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/477469223b2b840f436ce204333de87cb17e5d93
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/59c15b9cc453b74beb9f04c6c398717e73612dc3
    Patch