Description
In the Linux kernel, the following vulnerability has been resolved:

perf: Ensure swevent hrtimer is properly destroyed

With the change to hrtimer_try_to_cancel() in
perf_swevent_cancel_hrtimer() it appears possible for the hrtimer to
still be active by the time the event gets freed.

Make sure the event does a full hrtimer_cancel() on the free path by
installing a perf_event::destroy handler.
Published: 2026-01-28
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Use‑after‑free of perf event timer
Action: Apply Patch
AI Analysis

Impact

The Linux kernel contains a flaw where a high‑resolution timer used by perf events can remain active when the event is freed. Because the timer is not fully cancelled, freeing the event can trigger a use‑after‑free condition that may corrupt kernel memory and destabilize the system. That is the primary impact of this vulnerability.

Affected Systems

All Linux kernels from version 6.18 and all 6.19 release candidates 1 through 8 are affected.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity, and the EPSS score of less than 1% shows a very low probability of automated exploitation. This vulnerability is not listed in CISA’s KEV catalog. The description does not specify the required privilege level or attack vector, so the exact exploitation path remains unspecified. The available data does not confirm that local or elevated privileges are required, nor does it confirm that kernel corruption will always lead to privilege escalation or data exfiltration.

Generated by OpenCVE AI on April 18, 2026 at 18:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the hrtimer_cancel fix, such as the latest patch release of 6.18 or any 6.19 release candidate that incorporates the fix
  • Reboot the system after applying the update to ensure the new kernel is active
  • If an update is not immediately available, disable perf events or reduce their usage until a patched kernel is installed

Generated by OpenCVE AI on April 18, 2026 at 18:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Wed, 25 Mar 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.18:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*

Thu, 29 Jan 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 28 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: perf: Ensure swevent hrtimer is properly destroyed With the change to hrtimer_try_to_cancel() in perf_swevent_cancel_hrtimer() it appears possible for the hrtimer to still be active by the time the event gets freed. Make sure the event does a full hrtimer_cancel() on the free path by installing a perf_event::destroy handler.
Title perf: Ensure swevent hrtimer is properly destroyed
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-09T08:37:07.550Z

Reserved: 2026-01-13T15:37:45.940Z

Link: CVE-2026-23014

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-01-28T15:16:17.833

Modified: 2026-03-25T19:46:35.820

Link: CVE-2026-23014

cve-icon Redhat

Severity : Low

Publid Date: 2026-01-28T00:00:00Z

Links: CVE-2026-23014 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T18:45:05Z

Weaknesses