CVE-2026-23014

{"id": "CVE-2026-23014", "cveTags": [], "metrics": {}, "published": "2026-01-28T15:16:17.833", "references": [{"url": "https://git.kernel.org/stable/c/deee9dfb111ab00f9dfd46c0c7e36656b80f5235", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ff5860f5088e9076ebcccf05a6ca709d5935cfa9", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Ensure swevent hrtimer is properly destroyed\n\nWith the change to hrtimer_try_to_cancel() in\nperf_swevent_cancel_hrtimer() it appears possible for the hrtimer to\nstill be active by the time the event gets freed.\n\nMake sure the event does a full hrtimer_cancel() on the free path by\ninstalling a perf_event::destroy handler."}], "lastModified": "2026-01-29T16:31:00.867", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}