CVE-2026-23159
Severity
5.5MEDIUM
EPSS
0.0%
top 97.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 14
Latest updateApr 13
Description
In the Linux kernel, the following vulnerability has been resolved:
perf: sched: Fix perf crash with new is_user_task() helper
In order to do a user space stacktrace the current task needs to be a user
task that has executed in user space. It use to be possible to test if a
task is a user task or not by simply checking the task_struct mm field. If
it was non NULL, it was a user task and if not it was a kernel task.
But things have changed over time, and some kernel tasks now have their
own mm…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages3 packages
▶CVEListV5linux/linux34b5aba8511a12fb2e9bd3124835cb4087187dac — d84a4836dc246b7dc244e46a08ff992956b68db0+5
Patches
🔴Vulnerability Details
4VulDB▶
Linux Kernel up to 6.6.122/6.12.68/6.18.8 perf is_user_task null pointer dereference (Nessus ID 299151 / WID-SEC-2026-0421)↗2026-04-13
GHSA▶
GHSA-398f-64gc-qxqm: In the Linux kernel, the following vulnerability has been resolved:
perf: sched: Fix perf crash with new is_user_task() helper
In order to do a user↗2026-02-14
OSV▶
CVE-2026-23159: In the Linux kernel, the following vulnerability has been resolved: perf: sched: Fix perf crash with new is_user_task() helper In order to do a user s↗2026-02-14