CVE-2026-23014

HIGH 7.8

perf: Ensure swevent hrtimer is properly destroyed

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: perf: Ensure swevent hrtimer is properly destroyed With the change to hrtimer_try_to_cancel() in perf_swevent_cancel_hrtimer() it appears possible for the hrtimer to still be active by the time the event gets freed. Make sure the event does a full hrtimer_cancel() on the free path by installing a perf_event::destroy handler.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Jan 28, 2026
Last Updated	Apr 27, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Linux / Linux

eb3182ef0405ff2f6668fd3e5ff9883f60ce8801 < deee9dfb111ab00f9dfd46c0c7e36656b80f5235 eb3182ef0405ff2f6668fd3e5ff9883f60ce8801 < ff5860f5088e9076ebcccf05a6ca709d5935cfa9 6b8c512811644cf2f5eaf6f44e928683c54127f0

Linux / Linux

6.18

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/deee9dfb111ab00f9dfd46c0c7e36656b80f5235 git.kernel.org: https://git.kernel.org/stable/c/ff5860f5088e9076ebcccf05a6ca709d5935cfa9