CVE-2026-23088NULL Pointer Dereference in Linux

CWE-476NULL Pointer DereferenceCWE-843Type Confusion7 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedFeb 4
Latest updateFeb 10

Description

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix crash on synthetic stacktrace field usage When creating a synthetic event based on an existing synthetic event that had a stacktrace field and the new synthetic event used that field a kernel crash occurred: ~# cd /sys/kernel/tracing ~# echo 's:stack unsigned long stack[];' > dynamic_events ~# echo 'hist:keys=prev_pid:s0=common_stacktrace if prev_state & 3' >> events/sched/sched_switch/trigger ~# echo 'hist:keys=

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

NVDlinux/linux_kernel5.10.2375.11+6
Debianlinux/linux_kernel< 6.12.69-1+1
debiandebian/linux< linux 6.18.8-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-3gp7-mv7f-66rh: In the Linux kernel, the following vulnerability has been resolved: tracing: Fix crash on synthetic stacktrace field usage When creating a synthetic2026-02-04
OSV
CVE-2026-23088: In the Linux kernel, the following vulnerability has been resolved: tracing: Fix crash on synthetic stacktrace field usage When creating a synthetic e2026-02-04

📋Vendor Advisories

3
Microsoft
tracing: Fix crash on synthetic stacktrace field usage2026-02-10
Red Hat
kernel: tracing: Fix crash on synthetic stacktrace field usage2026-02-04
Debian
CVE-2026-23088: linux - In the Linux kernel, the following vulnerability has been resolved: tracing: Fi...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23088 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23088 — NULL Pointer Dereference in Linux | cvebase