CVE-2026-23014 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: perf: Ensure swevent hrtimer is properly destroyed With the change to hrtimer_try_to_cancel() in perf_swevent_cancel_hrtimer() it appears possible for the hrtimer to still be active by the time the event gets freed. Make sure the event does a full hrtimer_cancel() on the free path by installing a perf_event::destroy handler.

PUBLISHED Reserved 2026-01-13 | Published 2026-01-28 | Updated 2026-02-09 | Assigner Linux

Product status

Default status

unaffected

eb3182ef0405ff2f6668fd3e5ff9883f60ce8801 (git) before deee9dfb111ab00f9dfd46c0c7e36656b80f5235

affected

eb3182ef0405ff2f6668fd3e5ff9883f60ce8801 (git) before ff5860f5088e9076ebcccf05a6ca709d5935cfa9

affected

6b8c512811644cf2f5eaf6f44e928683c54127f0 (git)

affected

Default status

affected

6.18

affected

Any version before 6.18

unaffected

6.18.6 (semver)

unaffected

6.19 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/deee9dfb111ab00f9dfd46c0c7e36656b80f5235

git.kernel.org/...c/ff5860f5088e9076ebcccf05a6ca709d5935cfa9

cve.org (CVE-2026-23014)

nvd.nist.gov (CVE-2026-23014)

Download JSON