CVE-2026-23052
Unknown Unknown - Not Provided
Integer Overflow in Linux Kernel ftrace Causes Memory Over-Allocation

Publication date: 2026-02-04

Last updated on: 2026-02-04

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not over-allocate ftrace memory The pg_remaining calculation in ftrace_process_locs() assumes that ENTRIES_PER_PAGE multiplied by 2^order equals the actual capacity of the allocated page group. However, ENTRIES_PER_PAGE is PAGE_SIZE / ENTRY_SIZE (integer division). When PAGE_SIZE is not a multiple of ENTRY_SIZE (e.g. 4096 / 24 = 170 with remainder 16), high-order allocations (like 256 pages) have significantly more capacity than 256 * 170. This leads to pg_remaining being underestimated, which in turn makes skip (derived from skipped - pg_remaining) larger than expected, causing the WARN(skip != remaining) to trigger. Extra allocated pages for ftrace: 2 with 654 skipped WARNING: CPU: 0 PID: 0 at kernel/trace/ftrace.c:7295 ftrace_process_locs+0x5bf/0x5e0 A similar problem in ftrace_allocate_records() can result in allocating too many pages. This can trigger the second warning in ftrace_process_locs(). Extra allocated pages for ftrace WARNING: CPU: 0 PID: 0 at kernel/trace/ftrace.c:7276 ftrace_process_locs+0x548/0x580 Use the actual capacity of a page group to determine the number of pages to allocate. Have ftrace_allocate_pages() return the number of allocated pages to avoid having to calculate it. Use the actual page group capacity when validating the number of unused pages due to skipped entries. Drop the definition of ENTRIES_PER_PAGE since it is no longer used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-02-04
Generated
2026-05-07
AI Q&A
2026-02-04
EPSS Evaluated
2026-05-05
NVD
CVE-2026-23052
EUVD
EUVD-2026-5494
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's ftrace subsystem, where the calculation of available memory for ftrace entries is incorrect. Specifically, the function ftrace_process_locs() uses a calculation that assumes the number of entries per page multiplied by 2 to the power of the order equals the actual capacity of the allocated page group. However, because the page size is not always a multiple of the entry size, this calculation underestimates the remaining capacity.

This underestimation causes the system to think there is less free space than there actually is, which leads to warnings being triggered and potentially allocating too many pages in ftrace_allocate_records(). The fix involves using the actual capacity of the page group to determine the number of pages to allocate and adjusting the code to avoid relying on the incorrect ENTRIES_PER_PAGE definition.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel's ftrace subsystem to allocate more memory pages than necessary due to incorrect capacity calculations. This over-allocation may lead to inefficient memory usage and trigger kernel warnings.

While the description does not explicitly mention security impacts such as privilege escalation or denial of service, the improper memory allocation and warnings could potentially affect system stability or performance.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring kernel warnings related to ftrace memory allocation. Specifically, look for warnings such as "Extra allocated pages for ftrace" and "WARNING: CPU: ... ftrace_process_locs" in the kernel logs.

You can check for these warnings by examining the kernel log using commands like:

  • dmesg | grep -i ftrace
  • journalctl -k | grep -i ftrace
  • grep -i ftrace /var/log/kern.log

These commands will help identify if the kernel has logged warnings related to the ftrace memory over-allocation issue described in the vulnerability.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to update the Linux kernel to a version where this vulnerability has been resolved. The fix involves correcting the calculation of ftrace memory allocation to prevent over-allocation and related warnings.

Until the kernel is updated, monitoring kernel logs for the described warnings can help detect exploitation attempts or issues caused by this vulnerability.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart