CVE-2026-23044
Unknown Unknown - Not Provided

Use-After-Free Vulnerability in Linux Kernel PM Hibernate Causes Crash

Vulnerability report for CVE-2026-23044, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-04

Last updated on: 2026-02-04

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Fix crash when freeing invalid crypto compressor When crypto_alloc_acomp() fails, it returns an ERR_PTR value, not NULL. The cleanup code in save_compressed_image() and load_compressed_image() unconditionally calls crypto_free_acomp() without checking for ERR_PTR, which causes crypto_acomp_tfm() to dereference an invalid pointer and crash the kernel. This can be triggered when the compression algorithm is unavailable (e.g., CONFIG_CRYPTO_LZO not enabled). Fix by adding IS_ERR_OR_NULL() checks before calling crypto_free_acomp() and acomp_request_free(), similar to the existing kthread_stop() check. [ rjw: Added 2 empty code lines ]

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-04
Last Modified
2026-02-04
Generated
2026-07-06
AI Q&A
2026-02-04
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's power management hibernate functionality. Specifically, when the function crypto_alloc_acomp() fails, it returns an error pointer (ERR_PTR) instead of NULL. However, the cleanup code in save_compressed_image() and load_compressed_image() does not check for this error pointer and calls crypto_free_acomp() unconditionally. This leads to dereferencing an invalid pointer, causing the kernel to crash.

The issue can be triggered if the compression algorithm is unavailable, for example, if CONFIG_CRYPTO_LZO is not enabled in the kernel configuration. The fix involves adding proper checks (IS_ERR_OR_NULL()) before calling crypto_free_acomp() and acomp_request_free() to avoid freeing invalid pointers.

Impact Analysis

This vulnerability can cause the Linux kernel to crash during hibernation when the compression algorithm is unavailable or crypto_alloc_acomp() fails. A kernel crash can lead to system instability, unexpected reboots, potential data loss, and denial of service conditions.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, ensure that the Linux kernel is updated to a version where the fix has been applied.

The fix involves adding proper checks (IS_ERR_OR_NULL()) before calling crypto_free_acomp() and acomp_request_free() to prevent kernel crashes.

Additionally, verify that the compression algorithm (e.g., CONFIG_CRYPTO_LZO) is enabled if compression is required, to avoid triggering the issue.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23044. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart