SB20260325155 - NULL Pointer Dereference in Linux kernel trace
Published: March 25, 2026
Security Bulletin ID
SB20260325155
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL Pointer Dereference (CVE-ID: CVE-2026-23309)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in the tracing subsystem when handling error conditions during trigger data allocation. A local user can trigger a malformed trace event configuration to cause a denial of service.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/13dcd9269e225e4c4ceabdaeebe2ce4661b54c6e
- https://git.kernel.org/stable/c/2ce8ece5a78da67834db7728edc801889a64f643
- https://git.kernel.org/stable/c/42b380f97d65e76e7b310facd525f730272daf57
- https://git.kernel.org/stable/c/457965c13f0837a289c9164b842d0860133f6274
- https://git.kernel.org/stable/c/477469223b2b840f436ce204333de87cb17e5d93
- https://git.kernel.org/stable/c/59c15b9cc453b74beb9f04c6c398717e73612dc3