In the Linux kernel, the following vulnerability has been resolved:

tracing: Add NULL pointer check to trigger_data_free()

If trigger_data_alloc() fails and returns NULL, event_hist_trigger_parse()
jumps to the out_free error path. While kfree() safely handles a NULL
pointer, trigger_data_free() does not. This causes a NULL pointer
dereference in trigger_data_free() when evaluating
data->cmd_ops->set_filter.

Fix the problem by adding a NULL pointer check to trigger_data_free().

The problem was found by an experimental code review agent based on
gemini-3.1-pro while reviewing backports into v6.18.y.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
c10f0efe57728508d796ae4ba7abe4c14ec3d8ef affected < 13dcd9269e225e4c4ceabdaeebe2ce4661b54c6e
7e6556e9329bc484e9dcdab6e346d959267c0636 affected < 59c15b9cc453b74beb9f04c6c398717e73612dc3
9b0513905e0598b9f8cfccab8e47497aed5d935d affected < 42b380f97d65e76e7b310facd525f730272daf57
335dfe4bc6368e70e8c15419375cf609c4f85558 affected < 2ce8ece5a78da67834db7728edc801889a64f643
e42efbe9754da78eafe11f6bd3ca9c8a094a752a affected < 477469223b2b840f436ce204333de87cb17e5d93
0550069cc25f513ce1f109c88f7c1f01d63297db affected < 457965c13f0837a289c9164b842d0860133f6274
Linux Linux affected
Version Status Constraints
7.0-rc1 affected
0 unaffected < 7.0-rc1
6.1.167 unaffected ≤ 6.1.*
6.6.130 unaffected ≤ 6.6.*
6.12.77 unaffected ≤ 6.12.*
6.18.17 unaffected ≤ 6.18.*
6.19.7 unaffected ≤ 6.19.*
7.0-rc3 unaffected ≤ *

No data.

No data.

No data.

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/13dcd9269e225e4c4ceabdaeebe2ce4661b54c6e cve-icon cve-icon
https://git.kernel.org/stable/c/2ce8ece5a78da67834db7728edc801889a64f643 cve-icon cve-icon
https://git.kernel.org/stable/c/42b380f97d65e76e7b310facd525f730272daf57 cve-icon cve-icon
https://git.kernel.org/stable/c/457965c13f0837a289c9164b842d0860133f6274 cve-icon cve-icon
https://git.kernel.org/stable/c/477469223b2b840f436ce204333de87cb17e5d93 cve-icon cve-icon
https://git.kernel.org/stable/c/59c15b9cc453b74beb9f04c6c398717e73612dc3 cve-icon cve-icon
History

Wed, 25 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: tracing: Add NULL pointer check to trigger_data_free() If trigger_data_alloc() fails and returns NULL, event_hist_trigger_parse() jumps to the out_free error path. While kfree() safely handles a NULL pointer, trigger_data_free() does not. This causes a NULL pointer dereference in trigger_data_free() when evaluating data->cmd_ops->set_filter. Fix the problem by adding a NULL pointer check to trigger_data_free(). The problem was found by an experimental code review agent based on gemini-3.1-pro while reviewing backports into v6.18.y.
Title tracing: Add NULL pointer check to trigger_data_free()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-03-25T10:27:04.828Z

Reserved: 2026-01-13T15:37:45.994Z

Link: CVE-2026-23309

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-25T11:16:26.993

Modified: 2026-03-25T15:41:33.977

Link: CVE-2026-23309

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses

No weakness.