CVE-2026-23309 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

tracing: Add NULL pointer check to trigger_data_free()

If trigger_data_alloc() fails and returns NULL, event_hist_trigger_parse()
jumps to the out_free error path. While kfree() safely handles a NULL
pointer, trigger_data_free() does not. This causes a NULL pointer
dereference in trigger_data_free() when evaluating
data->cmd_ops->set_filter.

Fix the problem by adding a NULL pointer check to trigger_data_free().

The problem was found by an experimental code review agent based on
gemini-3.1-pro while reviewing backports into v6.18.y.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/13dcd9269e225e4c4ceabdaeebe2ce4661b54c6e
https://git.kernel.org/stable/c/2ce8ece5a78da67834db7728edc801889a64f643
https://git.kernel.org/stable/c/42b380f97d65e76e7b310facd525f730272daf57
https://git.kernel.org/stable/c/457965c13f0837a289c9164b842d0860133f6274
https://git.kernel.org/stable/c/477469223b2b840f436ce204333de87cb17e5d93
https://git.kernel.org/stable/c/59c15b9cc453b74beb9f04c6c398717e73612dc3

History

Wed, 25 Mar 2026 10:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: tracing: Add NULL pointer check to trigger_data_free() If trigger_data_alloc() fails and returns NULL, event_hist_trigger_parse() jumps to the out_free error path. While kfree() safely handles a NULL pointer, trigger_data_free() does not. This causes a NULL pointer dereference in trigger_data_free() when evaluating data->cmd_ops->set_filter. Fix the problem by adding a NULL pointer check to trigger_data_free(). The problem was found by an experimental code review agent based on gemini-3.1-pro while reviewing backports into v6.18.y.
Title		tracing: Add NULL pointer check to trigger_data_free()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/13dcd9269e225e4c4ceabdaeebe2ce4661b54c6e https://git.kernel.org/stable/c/2ce8ece5a78da67834db7728edc801889a64f643 https://git.kernel.org/stable/c/42b380f97d65e76e7b310facd525f730272daf57 https://git.kernel.org/stable/c/457965c13f0837a289c9164b842d0860133f6274 https://git.kernel.org/stable/c/477469223b2b840f436ce204333de87cb17e5d93 https://git.kernel.org/stable/c/59c15b9cc453b74beb9f04c6c398717e73612dc3

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-03-25T10:27:04.828Z

Updated: 2026-03-25T10:27:04.828Z

Reserved: 2026-01-13T15:37:45.994Z

Link: CVE-2026-23309

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-25T11:16:26.993

Modified: 2026-03-25T11:16:26.993

Link: CVE-2026-23309

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Metrics

Affected Vendors & Products

Projects

Metrics

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object