CVE-2026-23127

CWE-911 | 7 documents | 7 sources
Severity
5.5 MEDIUM
EPSS
0.0%
top 96.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 14

Description

In the Linux kernel, the following vulnerability has been resolved:

perf: Fix refcount warning on event->mmap_count increment

When calling refcount_inc(&event->mmap_count) inside perf_mmap_rb(), the following warning is triggered:

    refcount_t: addition on 0; use-after-free.
    WARNING: lib/refcount.c:25

PoC:

    struct perf_event_attr attr = {0};
    int fd = syscall(__NR_perf_event_open, &attr, 0, -1, -1, 0);
    mmap(NULL, 0x3000, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    int victim = syscall(__NR_perf

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

NVD | linux/linux_kernel | 6.18 | 6.18.8 | +1
CVEListV5 | linux/linux | 448f97fba9013ffa13f5dd82febd18836b189499 | 23c0e4bd93d0b250775162faf456470485ac9fc7 | +2
Debian | linux | < 6.18.8-1

Patches

🔴 Vulnerability Details (3)

OSV
CVE-2026-23127: In the Linux kernel, the following vulnerability has been resolved: perf: Fix refcount warning on event->mmap_count increment When calling refcount_in | 2026-02-14
CVEList
perf: Fix refcount warning on event->mmap_count increment | 2026-02-14
GHSA
GHSA-5pm5-3fx7-4f4r: In the Linux kernel, the following vulnerability has been resolved: perf: Fix refcount warning on event->mmap_count increment When calling refcount_ | 2026-02-14

📋 Vendor Advisories (2)

Red Hat
kernel: Linux kernel: Privilege escalation or denial of service in perf subsystem | 2026-02-14
Debian
CVE-2026-23127: linux - In the Linux kernel, the following vulnerability has been resolved: perf: Fix r... | 2026

🕵️ Threat Intelligence (1)
Wiz
CVE-2026-23127 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23127 (MEDIUM CVSS 5.5) | In the Linux kernel | cvebase.io