Description
In the Linux kernel, the following vulnerability has been resolved:

perf: Ensure swevent hrtimer is properly destroyed

With the change to hrtimer_try_to_cancel() in
perf_swevent_cancel_hrtimer() it appears possible for the hrtimer to
still be active by the time the event gets freed.

Make sure the event does a full hrtimer_cancel() on the free path by
installing a perf_event::destroy handler.
Published: 2026-01-28
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Kernel instability
Action: Apply Patch
AI Analysis

Impact

This vulnerability occurs when a high‑resolution timer used by the perf subsystem is not fully canceled before its associated perf event is freed. As a result, the timer may remain active, potentially allowing the kernel to execute timer callbacks with invalid state information once the event resources have been released. This can lead to unpredictable kernel behavior, such as data corruption, crashes, or instability, although no direct data‑exfiltration or privilege escalation is described.

Affected Systems

All versions of the Linux kernel from 6.18 onward, including the 6.19 release candidates 1 through 8, are affected. Kernel builds that lack the recent hrtimer_cancel fix for perf events are vulnerable.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity. The EPSS score of less than 1% suggests a very low likelihood of automated exploitation at present, and the vulnerability is not listed in CISA's KEV catalog. The description does not specify whether a local or elevated privilege is required; the likely attack vector is local execution, as it involves interacting with kernel perf events; however, this remains an inference.

Generated by OpenCVE AI on April 29, 2026 at 02:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the hrtimer_cancel fix, such as the latest patch release of 6.18 or any 6.19 release candidate that incorporates the fix
  • Reboot the system after applying the update to ensure the new kernel is active
  • If an update is not immediately available, temporarily disable perf events until the kernel is updated

Generated by OpenCVE AI on April 29, 2026 at 02:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Mon, 27 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Sat, 18 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Wed, 25 Mar 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.18:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*

Thu, 29 Jan 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 28 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: perf: Ensure swevent hrtimer is properly destroyed With the change to hrtimer_try_to_cancel() in perf_swevent_cancel_hrtimer() it appears possible for the hrtimer to still be active by the time the event gets freed. Make sure the event does a full hrtimer_cancel() on the free path by installing a perf_event::destroy handler.
Title perf: Ensure swevent hrtimer is properly destroyed
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T21:58:20.109Z

Reserved: 2026-01-13T15:37:45.940Z

Link: CVE-2026-23014

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2026-01-28T15:16:17.833

Modified: 2026-04-27T14:16:29.603

Link: CVE-2026-23014

cve-icon Redhat

Severity : Low

Publid Date: 2026-01-28T00:00:00Z

Links: CVE-2026-23014 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T02:45:35Z

Weaknesses