CVE-2026-23044

Source
https://cve.org/CVERecord?id=CVE-2026-23044
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23044.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-23044
Downstream
Published
2026-02-04T16:00:27.153Z
Modified
2026-02-09T19:33:22.899061Z
Summary
PM: hibernate: Fix crash when freeing invalid crypto compressor
Details

In the Linux kernel, the following vulnerability has been resolved:

PM: hibernate: Fix crash when freeing invalid crypto compressor

When crypto_alloc_acomp() fails, it returns an ERR_PTR value, not NULL.

The cleanup code in save_compressed_image() and load_compressed_image() unconditionally calls crypto_free_acomp() without checking for ERR_PTR, which causes crypto_acomp_tfm() to dereference an invalid pointer and crash the kernel.

This can be triggered when the compression algorithm is unavailable (e.g., CONFIG_CRYPTO_LZO not enabled).

Fix by adding IS_ERR_OR_NULL() checks before calling crypto_free_acomp() and acomp_request_free(), similar to the existing kthread_stop() check.

[ rjw: Added 2 empty code lines ]
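
The pointer convention behind this bug, as an added userspace example that is not code from the kernel or from the fix commit: a failed allocation comes back as an errno encoded in the pointer value, so a NULL-only guard lets it through to a free routine that dereferences it. The ERR_PTR helpers are re-created here to mirror include/linux/err.h; `fake_tfm`, `fake_alloc`, `fake_free`, `null_guard_allows_free`, `cleanup_guarded` and the slot array are hypothetical stand-ins.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Userspace model of the kernel's ERR_PTR helpers (include/linux/err.h). */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err) { return (void *)err; }
static inline long PTR_ERR(const void *p) { return (long)p; }
static inline int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }
static inline int IS_ERR_OR_NULL(const void *p) { return !p || IS_ERR(p); }

/* Hypothetical stand-in for a compressor handle; not a kernel type. */
struct fake_tfm { int refs; };

/* Like the allocator in the advisory: failure is an encoded errno, never NULL. */
static struct fake_tfm *fake_alloc(int algo_available)
{
    struct fake_tfm *t;

    if (!algo_available)
        return ERR_PTR(-ENOENT);
    t = calloc(1, sizeof(*t));
    if (!t)
        return ERR_PTR(-ENOMEM);
    t->refs = 1;
    return t;
}

/* Dereferences its argument, so an ERR_PTR value here would fault. */
static void fake_free(struct fake_tfm *t) { t->refs--; free(t); }

/* What a NULL-only guard decides: 1 means "go ahead and free". */
static int null_guard_allows_free(const struct fake_tfm *t) { return t != NULL; }

/* Guarded cleanup: skip NULL and error-encoded slots. Returns handles freed. */
static int cleanup_guarded(struct fake_tfm **slots, int n)
{
    int i, freed = 0;

    for (i = 0; i < n; i++) {
        if (IS_ERR_OR_NULL(slots[i]))
            continue;
        fake_free(slots[i]);
        slots[i] = NULL;
        freed++;
    }
    return freed;
}
```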

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23044.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b03d542c3c9569f549b1ba0cf7f4d90151fbf8ab
Fixed
b7a883b0135dbc6817e90a829421c9fc8cd94bad
Fixed
7966cf0ebe32c981bfa3db252cb5fc3bb1bf2e77

Affected versions

v6.*
v6.14
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.17
v6.17-rc1
v6.17-rc2
v6.17-rc3
v6.17-rc4
v6.17-rc5
v6.17-rc6
v6.17-rc7
v6.18
v6.18-rc1
v6.18-rc2
v6.18-rc3
v6.18-rc4
v6.18-rc5
v6.18-rc6
v6.18-rc7
v6.18.1
v6.18.2
v6.18.3
v6.18.4
v6.18.5
v6.19-rc1
v6.19-rc2
v6.19-rc3
v6.19-rc4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23044.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.15.0
Fixed
6.18.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23044.json"