{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-23309","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:37:45.994Z","datePublished":"2026-03-25T10:27:04.828Z","dateUpdated":"2026-05-11T22:04:23.455Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:04:23.455Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Add NULL pointer check to trigger_data_free()\n\nIf trigger_data_alloc() fails and returns NULL, event_hist_trigger_parse()\njumps to the out_free error path. While kfree() safely handles a NULL\npointer, trigger_data_free() does not. This causes a NULL pointer\ndereference in trigger_data_free() when evaluating\ndata->cmd_ops->set_filter.\n\nFix the problem by adding a NULL pointer check to trigger_data_free().\n\nThe problem was found by an experimental code review agent based on\ngemini-3.1-pro while reviewing backports into v6.18.y."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/trace/trace_events_trigger.c"],"versions":[{"version":"c10f0efe57728508d796ae4ba7abe4c14ec3d8ef","lessThan":"13dcd9269e225e4c4ceabdaeebe2ce4661b54c6e","status":"affected","versionType":"git"},{"version":"7e6556e9329bc484e9dcdab6e346d959267c0636","lessThan":"59c15b9cc453b74beb9f04c6c398717e73612dc3","status":"affected","versionType":"git"},{"version":"9b0513905e0598b9f8cfccab8e47497aed5d935d","lessThan":"42b380f97d65e76e7b310facd525f730272daf57","status":"affected","versionType":"git"},{"version":"335dfe4bc6368e70e8c15419375cf609c4f85558","lessThan":"2ce8ece5a78da67834db7728edc801889a64f643","status":"affected","versionType":"git"},{"version":"e42efbe9754da78eafe11f6bd3ca9c8a094a752a","lessThan":"477469223b2b840f436ce204333de87cb17e5d93","status":"affected","versionType":"git"},{"version":"0550069cc25f513ce1f109c88f7c1f01d63297db","lessThan":"457965c13f0837a289c9164b842d0860133f6274","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/trace/trace_events_trigger.c"],"versions":[{"version":"6.1.165","lessThan":"6.1.167","status":"affected","versionType":"semver"},{"version":"6.6.128","lessThan":"6.6.130","status":"affected","versionType":"semver"},{"version":"6.12.75","lessThan":"6.12.77","status":"affected","versionType":"semver"},{"version":"6.18.14","lessThan":"6.18.17","status":"affected","versionType":"semver"},{"version":"6.19.4","lessThan":"6.19.7","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.165","versionEndExcluding":"6.1.167"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.128","versionEndExcluding":"6.6.130"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.75","versionEndExcluding":"6.12.77"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.14","versionEndExcluding":"6.18.17"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19.4","versionEndExcluding":"6.19.7"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/13dcd9269e225e4c4ceabdaeebe2ce4661b54c6e"},{"url":"https://git.kernel.org/stable/c/59c15b9cc453b74beb9f04c6c398717e73612dc3"},{"url":"https://git.kernel.org/stable/c/42b380f97d65e76e7b310facd525f730272daf57"},{"url":"https://git.kernel.org/stable/c/2ce8ece5a78da67834db7728edc801889a64f643"},{"url":"https://git.kernel.org/stable/c/477469223b2b840f436ce204333de87cb17e5d93"},{"url":"https://git.kernel.org/stable/c/457965c13f0837a289c9164b842d0860133f6274"}],"title":"tracing: Add NULL pointer check to trigger_data_free()","x_generator":{"engine":"bippy-1.2.0"}}}}