5.5

CVE-2026-23002

EPSS 0.02%
Veröffentlicht 25.01.2026 14:36:16
Zuletzt bearbeitet 25.03.2026 19:22:46
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

lib/buildid: use __kernel_read() for sleepable context

In the Linux kernel, the following vulnerability has been resolved:

lib/buildid: use __kernel_read() for sleepable context

Prevent a "BUG: unable to handle kernel NULL pointer dereference in
filemap_read_folio".

For the sleepable context, convert freader to use __kernel_read() instead
of direct page cache access via read_cache_folio().  This simplifies the
faultable code path by using the standard kernel file reading interface
which handles all the complexity of reading file data.

At the moment we are not changing the code for non-sleepable context which
uses filemap_get_folio() and only succeeds if the target folios are
already in memory and up-to-date.  The reason is to keep the patch simple
and easier to backport to stable kernels.

Syzbot repro does not crash the kernel anymore and the selftests run
successfully.

In the follow up we will make __kernel_read() with IOCB_NOWAIT work for
non-sleepable contexts.  In addition, I would like to replace the
secretmem check with a more generic approach and will add fstest for the
buildid code.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 11 VulnDex Vulnerability Enrichment 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.12.1 < 6.12.67

Linux ≫ Linux Kernel Version >= 6.13 < 6.18.7

Linux ≫ Linux Kernel Version6.12 Update-

Linux ≫ Linux Kernel Version6.19 Updaterc1

Linux ≫ Linux Kernel Version6.19 Updaterc2

Linux ≫ Linux Kernel Version6.19 Updaterc3

Linux ≫ Linux Kernel Version6.19 Updaterc4

Linux ≫ Linux Kernel Version6.19 Updaterc5

Linux ≫ Linux Kernel Version6.19 Updaterc6

Linux ≫ Linux Kernel Version6.19 Updaterc7

Linux ≫ Linux Kernel Version6.19 Updaterc8

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.043

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/b11dfb7708f212b96c7973a474014c071aa02e05

Patch

https://git.kernel.org/stable/c/568aeb3476c770a3863c755dd2a199c212434286

Patch

https://git.kernel.org/stable/c/777a8560fd29738350c5094d4166fe5499452409

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-23002

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23002

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23002

EUVD