CVE-2026-23052

Source
https://cve.org/CVERecord?id=CVE-2026-23052
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23052.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-23052
Downstream
Published
2026-02-04T16:04:21.739Z
Modified
2026-07-15T01:49:06.485377943Z
Summary
ftrace: Do not over-allocate ftrace memory
Details

In the Linux kernel, the following vulnerability has been resolved:

ftrace: Do not over-allocate ftrace memory

The pgremaining calculation in ftraceprocesslocs() assumes that ENTRIESPERPAGE multiplied by 2^order equals the actual capacity of the allocated page group. However, ENTRIESPERPAGE is PAGESIZE / ENTRYSIZE (integer division). When PAGESIZE is not a multiple of ENTRYSIZE (e.g. 4096 / 24 = 170 with remainder 16), high-order allocations (like 256 pages) have significantly more capacity than 256 * 170. This leads to pgremaining being underestimated, which in turn makes skip (derived from skipped - pg_remaining) larger than expected, causing the WARN(skip != remaining) to trigger.

Extra allocated pages for ftrace: 2 with 654 skipped WARNING: CPU: 0 PID: 0 at kernel/trace/ftrace.c:7295 ftraceprocesslocs+0x5bf/0x5e0

A similar problem in ftraceallocaterecords() can result in allocating too many pages. This can trigger the second warning in ftraceprocesslocs().

Extra allocated pages for ftrace WARNING: CPU: 0 PID: 0 at kernel/trace/ftrace.c:7276 ftraceprocesslocs+0x548/0x580

Use the actual capacity of a page group to determine the number of pages to allocate. Have ftraceallocatepages() return the number of allocated pages to avoid having to calculate it. Use the actual page group capacity when validating the number of unused pages due to skipped entries. Drop the definition of ENTRIESPERPAGE since it is no longer used.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23052.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
dc06779d338de4e5a46166a93ec124222e09f40a
Fixed
bf802b936a7b269917e4dc233e49f6a928db8286
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2a6ce8bddd8aafa61aaa705e76eae810f22429be
Fixed
23936d19e4383c8dfb03931f032473d4baf92533
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4a3efc6baff931da9a85c6d2e42c87bd9a827399
Fixed
9aef476717994e96dadfb359641c4b82b521aa36
Fixed
be55257fab181b93af38f8c4b1b3cb453a78d742

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23052.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.15.0
Fixed
6.18.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23052.json"