CVE-2026-23309 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: tracing: Add NULL pointer check to trigger_data_free() If trigger_data_alloc() fails and returns NULL, event_hist_trigger_parse() jumps to the out_free error path. While kfree() safely handles a NULL pointer, trigger_data_free() does not. This causes a NULL pointer dereference in trigger_data_free() when evaluating data->cmd_ops->set_filter. Fix the problem by adding a NULL pointer check to trigger_data_free(). The problem was found by an experimental code review agent based on gemini-3.1-pro while reviewing backports into v6.18.y.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00035.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux	Linux Kernel

References

Link	Providers
https://git.kernel.org/stable/c/13dcd9269e225e4c4ceabdaeebe2ce4661b54c6e
https://git.kernel.org/stable/c/2ce8ece5a78da67834db7728edc801889a64f643
https://git.kernel.org/stable/c/42b380f97d65e76e7b310facd525f730272daf57
https://git.kernel.org/stable/c/457965c13f0837a289c9164b842d0860133f6274
https://git.kernel.org/stable/c/477469223b2b840f436ce204333de87cb17e5d93
https://git.kernel.org/stable/c/59c15b9cc453b74beb9f04c6c398717e73612dc3
https://lore.kernel.org/linux-cve-announce/2026032528-CVE-2026-23309-4243@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23309
https://www.cve.org/CVERecord?id=CVE-2026-23309

History

Thu, 28 May 2026 14:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Thu, 26 Mar 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026032528-CVE-2026-23309-4243@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23309 https://www.cve.org/CVERecord?id=CVE-2026-23309

Wed, 25 Mar 2026 22:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476

Wed, 25 Mar 2026 10:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: tracing: Add NULL pointer check to trigger_data_free() If trigger_data_alloc() fails and returns NULL, event_hist_trigger_parse() jumps to the out_free error path. While kfree() safely handles a NULL pointer, trigger_data_free() does not. This causes a NULL pointer dereference in trigger_data_free() when evaluating data->cmd_ops->set_filter. Fix the problem by adding a NULL pointer check to trigger_data_free(). The problem was found by an experimental code review agent based on gemini-3.1-pro while reviewing backports into v6.18.y.
Title		tracing: Add NULL pointer check to trigger_data_free()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/13dcd9269e225e4c4ceabdaeebe2ce4661b54c6e https://git.kernel.org/stable/c/2ce8ece5a78da67834db7728edc801889a64f643 https://git.kernel.org/stable/c/42b380f97d65e76e7b310facd525f730272daf57 https://git.kernel.org/stable/c/457965c13f0837a289c9164b842d0860133f6274 https://git.kernel.org/stable/c/477469223b2b840f436ce204333de87cb17e5d93 https://git.kernel.org/stable/c/59c15b9cc453b74beb9f04c6c398717e73612dc3

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-03-25T10:27:04.828Z

Updated: 2026-05-11T22:04:23.455Z

Reserved: 2026-01-13T15:37:45.994Z

Link: CVE-2026-23309

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-03-25T11:16:26.993

Modified: 2026-05-28T14:24:05.053

Link: CVE-2026-23309

Redhat

Severity :

Publid Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23309 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T16:00:14Z

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object