CVE-2026-23044

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw related to handling crypto compressors during hibernation. Specifically, the crypto alloc acomp() function can return an error pointer (ERR PTR) instead of NULL. The save compressed image() and load compressed image() functions then call crypto free acomp() without checking for this error pointer, leading to a kernel crash when attempting to dereference an invalid pointer within the crypto acomp tfm() function. This issue occurs when a compression algorithm is unavailable, such as when CONFIG CRYPTO LZO is not enabled. The fix involves adding checks using IS ERR OR NULL() before calling crypto free acomp() and acomp request free().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.