CVE-2026-23475

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contained a flaw where controller per-cpu statistics were not allocated until after the controller was registered, creating a window where accessing sysfs attributes could lead to a NULL-pointer dereference. The fix involves moving the statistics allocation to controller allocation and tying its lifetime to the controller.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.