CVE-2026-23002

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-23002
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23002.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-23002
Downstream
Related
Published
2026-01-25T14:36:16.713Z
Modified
2026-05-15T11:54:23.682462123Z
Summary
lib/buildid: use __kernel_read() for sleepable context
Details

In the Linux kernel, the following vulnerability has been resolved:

lib/buildid: use _kernelread() for sleepable context

Prevent a "BUG: unable to handle kernel NULL pointer dereference in filemapreadfolio".

For the sleepable context, convert freader to use _kernelread() instead of direct page cache access via readcachefolio(). This simplifies the faultable code path by using the standard kernel file reading interface which handles all the complexity of reading file data.

At the moment we are not changing the code for non-sleepable context which uses filemapgetfolio() and only succeeds if the target folios are already in memory and up-to-date. The reason is to keep the patch simple and easier to backport to stable kernels.

Syzbot repro does not crash the kernel anymore and the selftests run successfully.

In the follow up we will make __kernelread() with IOCBNOWAIT work for non-sleepable contexts. In addition, I would like to replace the secretmem check with a more generic approach and will add fstest for the buildid code.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23002.json"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.12.0
Fixed
6.12.67
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.7

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23002.json"