Vulnerability Details CVE-2026-23309
In the Linux kernel, the following vulnerability has been resolved:
tracing: Add NULL pointer check to trigger_data_free()
If trigger_data_alloc() fails and returns NULL, event_hist_trigger_parse()
jumps to the out_free error path. While kfree() safely handles a NULL
pointer, trigger_data_free() does not. This causes a NULL pointer
dereference in trigger_data_free() when evaluating
data->cmd_ops->set_filter.
Fix the problem by adding a NULL pointer check to trigger_data_free().
The problem was found by an experimental code review agent based on
gemini-3.1-pro while reviewing backports into v6.18.y.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 2.4%
CVSS Severity
CVSS v3 Score 5.5
Products affected by CVE-2026-23309
-
cpe:2.3:o:linux:linux_kernel:6.1.165
-
cpe:2.3:o:linux:linux_kernel:6.12.75
-
cpe:2.3:o:linux:linux_kernel:6.18.14
-
cpe:2.3:o:linux:linux_kernel:6.18.16
-
cpe:2.3:o:linux:linux_kernel:6.19.4
-
cpe:2.3:o:linux:linux_kernel:6.19.6
-
cpe:2.3:o:linux:linux_kernel:6.6.128
-
cpe:2.3:o:linux:linux_kernel:6.6.129
-
cpe:2.3:o:linux:linux_kernel:7.0