CVE-2026-23002

EPSS 0.02%
Veröffentlicht 25.01.2026 14:36:16
Zuletzt bearbeitet 26.01.2026 15:03:33
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

lib/buildid: use __kernel_read() for sleepable context

Prevent a "BUG: unable to handle kernel NULL pointer dereference in
filemap_read_folio".

For the sleepable context, convert freader to use __kernel_read() instead
of direct page cache access via read_cache_folio().  This simplifies the
faultable code path by using the standard kernel file reading interface
which handles all the complexity of reading file data.

At the moment we are not changing the code for non-sleepable context which
uses filemap_get_folio() and only succeeds if the target folios are
already in memory and up-to-date.  The reason is to keep the patch simple
and easier to backport to stable kernels.

Syzbot repro does not crash the kernel anymore and the selftests run
successfully.

In the follow up we will make __kernel_read() with IOCB_NOWAIT work for
non-sleepable contexts.  In addition, I would like to replace the
secretmem check with a more generic approach and will add fstest for the
buildid code.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < b11dfb7708f212b96c7973a474014c071aa02e05

Version ad41251c290dfe3c01472c94d2439a59de23fe97

Status affected

Version < 568aeb3476c770a3863c755dd2a199c212434286

Version ad41251c290dfe3c01472c94d2439a59de23fe97

Status affected

Version < 777a8560fd29738350c5094d4166fe5499452409

Version ad41251c290dfe3c01472c94d2439a59de23fe97

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.12

Status affected

Version < 6.12

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.67

Status unaffected

Version <= 6.18.*

Version 6.18.7

Status unaffected

Version <= *

Version 6.19-rc6

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.049

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/b11dfb7708f212b96c7973a474014c071aa02e05

https://git.kernel.org/stable/c/568aeb3476c770a3863c755dd2a199c212434286

https://git.kernel.org/stable/c/777a8560fd29738350c5094d4166fe5499452409

https://nvd.nist.gov/vuln/detail/CVE-2026-23002

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23002

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23002

EUVD