CVE-2026-23309NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference7 documents6 sources
Severity
5.3MEDIUM
No vector
EPSS
0.0%
top 90.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: tracing: Add NULL pointer check to trigger_data_free() If trigger_data_alloc() fails and returns NULL, event_hist_trigger_parse() jumps to the out_free error path. While kfree() safely handles a NULL pointer, trigger_data_free() does not. This causes a NULL pointer dereference in trigger_data_free() when evaluating data->cmd_ops->set_filter. Fix the problem by adding a NULL pointer check to trigger_data_free(). The problem w

Affected Packages4 packages

Linuxlinux/linux_kernel6.2.06.6.130+4
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linuxc10f0efe57728508d796ae4ba7abe4c14ec3d8ef13dcd9269e225e4c4ceabdaeebe2ce4661b54c6e+10
debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

3
OSV
CVE-2026-23309: In the Linux kernel, the following vulnerability has been resolved: tracing: Add NULL pointer check to trigger_data_free() If trigger_data_alloc() fai2026-03-25
OSV
tracing: Add NULL pointer check to trigger_data_free()2026-03-25
GHSA
GHSA-f7v6-c4j6-g8wv: In the Linux kernel, the following vulnerability has been resolved: tracing: Add NULL pointer check to trigger_data_free() If trigger_data_alloc() f2026-03-25

📋Vendor Advisories

2
Red Hat
kernel: tracing: Add NULL pointer check to trigger_data_free()2026-03-25
Debian
CVE-2026-23309: linux - In the Linux kernel, the following vulnerability has been resolved: tracing: Ad...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23309 Impact, Exploitability, and Mitigation Steps | Wiz