{"id":"CVE-2026-23309","summary":"tracing: Add NULL pointer check to trigger_data_free()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Add NULL pointer check to trigger_data_free()\n\nIf trigger_data_alloc() fails and returns NULL, event_hist_trigger_parse()\njumps to the out_free error path. While kfree() safely handles a NULL\npointer, trigger_data_free() does not. This causes a NULL pointer\ndereference in trigger_data_free() when evaluating\ndata-\u003ecmd_ops-\u003eset_filter.\n\nFix the problem by adding a NULL pointer check to trigger_data_free().\n\nThe problem was found by an experimental code review agent based on\ngemini-3.1-pro while reviewing backports into v6.18.y.","modified":"2026-04-14T05:03:06.009450Z","published":"2026-03-25T10:27:04.828Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23309.json","cna_assigner":"Linux"},"references":[{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"},{"type":"WEB","url":"https://git.kernel.org/stable/c/13dcd9269e225e4c4ceabdaeebe2ce4661b54c6e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2ce8ece5a78da67834db7728edc801889a64f643"},{"type":"WEB","url":"https://git.kernel.org/stable/c/42b380f97d65e76e7b310facd525f730272daf57"},{"type":"WEB","url":"https://git.kernel.org/stable/c/457965c13f0837a289c9164b842d0860133f6274"},{"type":"WEB","url":"https://git.kernel.org/stable/c/477469223b2b840f436ce204333de87cb17e5d93"},{"type":"WEB","url":"https://git.kernel.org/stable/c/59c15b9cc453b74beb9f04c6c398717e73612dc3"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23309.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23309"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c10f0efe57728508d796ae4ba7abe4c14ec3d8ef"},{"fixed":"13dcd9269e225e4c4ceabdaeebe2ce4661b54c6e"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"7e6556e9329bc484e9dcdab6e346d959267c0636"},{"fixed":"59c15b9cc453b74beb9f04c6c398717e73612dc3"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"9b0513905e0598b9f8cfccab8e47497aed5d935d"},{"fixed":"42b380f97d65e76e7b310facd525f730272daf57"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"335dfe4bc6368e70e8c15419375cf609c4f85558"},{"fixed":"2ce8ece5a78da67834db7728edc801889a64f643"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"e42efbe9754da78eafe11f6bd3ca9c8a094a752a"},{"fixed":"477469223b2b840f436ce204333de87cb17e5d93"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0550069cc25f513ce1f109c88f7c1f01d63297db"},{"fixed":"457965c13f0837a289c9164b842d0860133f6274"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23309.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.1.165"},{"fixed":"6.1.167"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.6.128"},{"fixed":"6.6.130"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.12.75"},{"fixed":"6.12.77"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.18.14"},{"fixed":"6.18.17"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.4"},{"fixed":"6.19.7"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23309.json"}}],"schema_version":"1.7.5"}