CVE-2026-23044

{"id": "CVE-2026-23044", "cveTags": [], "metrics": {}, "published": "2026-02-04T16:16:19.897", "references": [{"url": "https://git.kernel.org/stable/c/7966cf0ebe32c981bfa3db252cb5fc3bb1bf2e77", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b7a883b0135dbc6817e90a829421c9fc8cd94bad", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM: hibernate: Fix crash when freeing invalid crypto compressor\n\nWhen crypto_alloc_acomp() fails, it returns an ERR_PTR value, not NULL.\n\nThe cleanup code in save_compressed_image() and load_compressed_image()\nunconditionally calls crypto_free_acomp() without checking for ERR_PTR,\nwhich causes crypto_acomp_tfm() to dereference an invalid pointer and\ncrash the kernel.\n\nThis can be triggered when the compression algorithm is unavailable\n(e.g., CONFIG_CRYPTO_LZO not enabled).\n\nFix by adding IS_ERR_OR_NULL() checks before calling crypto_free_acomp()\nand acomp_request_free(), similar to the existing kthread_stop() check.\n\n[ rjw: Added 2 empty code lines ]"}], "lastModified": "2026-02-04T16:33:44.537", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}