Description
In the Linux kernel, the following vulnerability has been resolved:

ftrace: Do not over-allocate ftrace memory

The pg_remaining calculation in ftrace_process_locs() assumes that
ENTRIES_PER_PAGE multiplied by 2^order equals the actual capacity of the
allocated page group. However, ENTRIES_PER_PAGE is PAGE_SIZE / ENTRY_SIZE
(integer division). When PAGE_SIZE is not a multiple of ENTRY_SIZE (e.g.
4096 / 24 = 170 with remainder 16), high-order allocations (like 256 pages)
have significantly more capacity than 256 * 170. This leads to pg_remaining
being underestimated, which in turn makes skip (derived from skipped -
pg_remaining) larger than expected, causing the WARN(skip != remaining)
to trigger.

Extra allocated pages for ftrace: 2 with 654 skipped
WARNING: CPU: 0 PID: 0 at kernel/trace/ftrace.c:7295 ftrace_process_locs+0x5bf/0x5e0

A similar problem in ftrace_allocate_records() can result in allocating
too many pages. This can trigger the second warning in
ftrace_process_locs().

Extra allocated pages for ftrace
WARNING: CPU: 0 PID: 0 at kernel/trace/ftrace.c:7276 ftrace_process_locs+0x548/0x580

Use the actual capacity of a page group to determine the number of pages
to allocate. Have ftrace_allocate_pages() return the number of allocated
pages to avoid having to calculate it. Use the actual page group capacity
when validating the number of unused pages due to skipped entries.
Drop the definition of ENTRIES_PER_PAGE since it is no longer used.
Published: 2026-02-04
Score: 7.0 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via excessive memory allocation
Action: Apply Patch
AI Analysis

Impact

A bug in the Linux kernel’s ftrace subsystem miscalculates the capacity of allocated page groups, causing the system to underestimate available pages. This misestimation leads to over‑allocating memory for trace records, which in turn triggers warning messages indicating a mismatch between expected and remaining pages. While the bug does not directly corrupt memory, the excessive allocation can consume more RAM than intended, potentially destabilizing the system or exhausting available memory, thereby impacting availability. The weakness corresponds to excessive resource allocation, as defined by CWE‑469.

Affected Systems

The vulnerability applies to all Linux kernel releases prior to the upstream commit that fixed the ftrace calculation logic. Specific affected version ranges are not listed in the advisory; however, any kernel before the patch, regardless of distribution, is potentially impacted. The advisory references the Linux:Linux vendor with no version restrictions.

Risk and Exploitability

The CVSS score of 7.0 indicates a high severity, yet the EPSS score is reported as less than 1%, suggesting that active exploitation is unlikely at this time. The bug is not listed in the CISA KEV catalog, further reducing the immediate threat. Attackers would need privileged access to enable or manipulate ftrace at kernel level to trigger the over‑allocation. Based on the description, it is inferred that the likely attack vector is local and requires superuser privileges. Because the symptoms manifest mainly as kernel warnings rather than an untrusted input exploit, the risk is high but the actual exploitation window is limited.

Generated by OpenCVE AI on April 18, 2026 at 18:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the running Linux kernel to a version that contains the ftrace allocation fix.
  • Reboot the system to load the updated kernel.
  • If an update cannot be performed immediately, consider disabling ftrace or reducing its buffer size (for example, set ftrace buffer limits to minimal values) to prevent excessive page allocation while the patch is pending.

Generated by OpenCVE AI on April 18, 2026 at 18:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-469

Thu, 05 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Wed, 04 Feb 2026 16:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not over-allocate ftrace memory The pg_remaining calculation in ftrace_process_locs() assumes that ENTRIES_PER_PAGE multiplied by 2^order equals the actual capacity of the allocated page group. However, ENTRIES_PER_PAGE is PAGE_SIZE / ENTRY_SIZE (integer division). When PAGE_SIZE is not a multiple of ENTRY_SIZE (e.g. 4096 / 24 = 170 with remainder 16), high-order allocations (like 256 pages) have significantly more capacity than 256 * 170. This leads to pg_remaining being underestimated, which in turn makes skip (derived from skipped - pg_remaining) larger than expected, causing the WARN(skip != remaining) to trigger. Extra allocated pages for ftrace: 2 with 654 skipped WARNING: CPU: 0 PID: 0 at kernel/trace/ftrace.c:7295 ftrace_process_locs+0x5bf/0x5e0 A similar problem in ftrace_allocate_records() can result in allocating too many pages. This can trigger the second warning in ftrace_process_locs(). Extra allocated pages for ftrace WARNING: CPU: 0 PID: 0 at kernel/trace/ftrace.c:7276 ftrace_process_locs+0x548/0x580 Use the actual capacity of a page group to determine the number of pages to allocate. Have ftrace_allocate_pages() return the number of allocated pages to avoid having to calculate it. Use the actual page group capacity when validating the number of unused pages due to skipped entries. Drop the definition of ENTRIES_PER_PAGE since it is no longer used.
Title ftrace: Do not over-allocate ftrace memory
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-09T08:37:49.966Z

Reserved: 2026-01-13T15:37:45.950Z

Link: CVE-2026-23052

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-02-04T17:16:15.867

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-23052

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-02-04T00:00:00Z

Links: CVE-2026-23052 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T18:45:05Z

Weaknesses