CVE-2026-23138

CWE-8358 documents8 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 97.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux LinuxLinux Linux Kernel
Timeline
PublishedFeb 14

Description

In the Linux kernel, the following vulnerability has been resolved: tracing: Add recursion protection in kernel stack trace recording A bug was reported about an infinite recursion caused by tracing the rcu events with the kernel stack trace trigger enabled. The stack trace code called back into RCU which then called the stack trace again. Expand the ftrace recursion protection to add a set of bits to protect events from recursion. Each bit represents the context that the event is in (normal,

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDlinux/linux_kernel5.86.18.6+1
CVEListV5linux/linux5f5fa7ea89dc82d34ed458f4d7a8634e8e9eefce9b03768037d91ce727effb1c5d92d2c7781bf692+4
Debianlinux< 6.18.8-1

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
OSV
CVE-2026-23138: In the Linux kernel, the following vulnerability has been resolved: tracing: Add recursion protection in kernel stack trace recording A bug was report2026-02-14
CVEList
tracing: Add recursion protection in kernel stack trace recording2026-02-14
GHSA
GHSA-gqpg-53jh-cpqf: In the Linux kernel, the following vulnerability has been resolved: tracing: Add recursion protection in kernel stack trace recording A bug was repo2026-02-14

📋Vendor Advisories

3
Red Hat
kernel: tracing: Add recursion protection in kernel stack trace recording2026-02-14
Microsoft
tracing: Add recursion protection in kernel stack trace recording2026-02-10
Debian
CVE-2026-23138: linux - In the Linux kernel, the following vulnerability has been resolved: tracing: Ad...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23138 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23138 (MEDIUM CVSS 5.5) | In the Linux kernel | cvebase.io