CVE-2026-23014 — Vulnetix

CVE-2026-23014 PUBLISHED CVSS 7.800000190734863 HIGH

In the Linux kernel, the following vulnerability has been resolved: perf: Ensure swevent hrtimer is properly destroyed With the change to hrtimer_try_to_cancel() in perf_swevent_cancel_hrtimer() it appears possible for the hrtimer to still be active by the time the event gets freed. Make sure the event does a full hrtimer_cancel() on the free path by installing a perf_event::destroy handler.

EPSS 0.03% · 7.4th percentile

Risk Scores

CVSS 3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.03%

7.4th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	6.19, 6.18, 6.18
Linux	Linux	eb3182ef0405ff2f6668fd3e5ff9883f60ce8801, 6b8c512811644cf2f5eaf6f44e928683c54127f0, 6.18

Exploit Intelligence

CIRCL seen: CVE-2026-23014 (circl-sighting)
https://git.kernel.org/stable/c/deee9dfb111ab00f9dfd46c0c7e36656b80f5235 (circl)
https://git.kernel.org/stable/c/ff5860f5088e9076ebcccf05a6ca709d5935cfa9 (circl)

Timeline

Jan 28, 2026 CVE Published
Jan 28, 2026 PoC Published
Jan 28, 2026 CVE Updated
Jan 29, 2026 EPSS Score
Jan 30, 2026 Security Advisory
Jan 31, 2026 EPSS Score
Feb 3, 2026 EPSS Score
Feb 5, 2026 EPSS Score
Feb 8, 2026 EPSS Score
Feb 10, 2026 EPSS Score
Feb 13, 2026 EPSS Score
Feb 15, 2026 EPSS Score

References

Open in Interactive Console →