CVE-2026-23044Detection of Error Condition Without Action in Linux

CWE-390Detection of Error Condition Without Action7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 92.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedFeb 4

Description

In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Fix crash when freeing invalid crypto compressor When crypto_alloc_acomp() fails, it returns an ERR_PTR value, not NULL. The cleanup code in save_compressed_image() and load_compressed_image() unconditionally calls crypto_free_acomp() without checking for ERR_PTR, which causes crypto_acomp_tfm() to dereference an invalid pointer and crash the kernel. This can be triggered when the compression algorithm is unav

Affected Packages4 packages

Linuxlinux/linux_kernel6.15.06.18.6
Debianlinux/linux_kernel< 6.18.8-1
CVEListV5linux/linuxb03d542c3c9569f549b1ba0cf7f4d90151fbf8abb7a883b0135dbc6817e90a829421c9fc8cd94bad+2
debiandebian/linux< linux 6.18.8-1 (forky)

🔴Vulnerability Details

3
GHSA
GHSA-fmhv-7w67-r8mw: In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Fix crash when freeing invalid crypto compressor When crypto_allo2026-02-04
OSV
CVE-2026-23044: In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Fix crash when freeing invalid crypto compressor When crypto_alloc_2026-02-04
OSV
PM: hibernate: Fix crash when freeing invalid crypto compressor2026-02-04

📋Vendor Advisories

2
Red Hat
kernel: PM: hibernate: Fix crash when freeing invalid crypto compressor2026-02-04
Debian
CVE-2026-23044: linux - In the Linux kernel, the following vulnerability has been resolved: PM: hiberna...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23044 Impact, Exploitability, and Mitigation Steps | Wiz