HarborGuard / CVE
Back to search
HIGHCVE-2026-23014Published Modified CNA Linux

CVE-2026-23014: perf: Ensure swevent hrtimer is properly destroyed

In the Linux kernel, the following vulnerability has been resolved: perf: Ensure swevent hrtimer is properly destroyed With the change to hrtimer_try_to_cancel() in perf_swevent_cancel_hrtimer() it appears possible for the hrtimer to still be active by the time the event gets freed. Make sure the event does a full hrtimer_cancel() on the free path by installing a perf_event::destroy handler.

Metrics

CVSS v3.1
7.8
Severity
HIGH
Fixed in
0
Affected Products
2

Fix available

06.186.18.66.19deee9dfb111ab00f9dfd46c0c7e36656b80f5235ff5860f5088e9076ebcccf05a6ca709d5935cfa9
Affected packages
  • Linux / Linux
    < deee9dfb111ab00f9dfd46c0c7e36656b80f5235 (from eb3182ef0405ff2f6668fd3e5ff9883f60ce8801) · < ff5860f5088e9076ebcccf05a6ca709d5935cfa9 (from eb3182ef0405ff2f6668fd3e5ff9883f60ce8801) · 6b8c512811644cf2f5eaf6f44e928683c54127f0 · < 6.18 (from 6.17.8)
  • Linux / Linux
    6.18
    Fixed in 0, 6.18.6, 6.19
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
CVE-2026-23014: perf: Ensure swevent hrtimer is properly destroyed | HarborGuard CVE