CVE-2026-23088

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.16.3+deb14-amd64 #1

Description A flaw exists in the Linux kernel related to the handling of synthetic stacktraces within the tracing subsystem. Specifically, when creating a synthetic event based on an existing event with a stacktrace field, and subsequently using that field in a new synthetic event, a kernel crash can occur. This is due to the stacktrace field not being correctly identified as a dynamic event, leading to it being treated as a normal field during data retrieval. The issue arises when enabling the affected event or using it in a histogram. The root cause is that the metadata is retrieved instead of a dynamic array.

Recommendations Update to Linux kernel version 6.16.3+deb14-amd64 #1 or later to address this issue.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

CVE-2026-23088

ECHO-40C1-1118-0D1F

OPENSUSE-SU-2026:20416-1

SUSE-SU-2026:0962-1

SUSE-SU-2026:1081-1

SUSE-SU-2026:20838-1

SUSE-SU-2026:20931-1

SUSE-SU-2026:21114-1

SUSE-SU-2026:21123-1

SUSE-SU-2026:21255-1

SUSE-SU-2026:21284-1

USN-8278-1

USN-8289-1

USN-8296-1

Affected Products

Linux Kernel

Ubuntu

CVE-2026-23088

Weakness Enumeration

Related Identifiers

Affected Products

References · 772