CVE-2026-23044
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
PM: hibernate: Fix crash when freeing invalid crypto compressor
When crypto_alloc_acomp() fails, it returns an ERR_PTR value, not NULL.
The cleanup code in save_compressed_image() and load_compressed_image() unconditionally calls crypto_free_acomp() without checking for ERR_PTR, which causes crypto_acomp_tfm() to dereference an invalid pointer and crash the kernel.
This can be triggered when the compression algorithm is unavailable (e.g., CONFIG_CRYPTO_LZO not enabled).
Fix by adding IS_ERR_OR_NULL() checks before calling crypto_free_acomp() and acomp_request_free(), similar to the existing kthread_stop() check.
[ rjw: Added 2 empty code lines ]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | b03d542c3c9569f549b1ba0cf7f4d90151fbf8ab < b7a883b0135dbc6817e90a829421c9fc8cd94bad | affected |
| Linux | Linux | b03d542c3c9569f549b1ba0cf7f4d90151fbf8ab < 7966cf0ebe32c981bfa3db252cb5fc3bb1bf2e77 | affected |
| Linux | Linux | 6.15 | affected |
| Linux | Linux | 0 < 6.15 | unaffected |
| Linux | Linux | 6.18.6 <= 6.18.* | unaffected |
| Linux | Linux | 6.19 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/b7a883b0135dbc6817e90a829421c9fc8cd94bad
- https://git.kernel.org/stable/c/7966cf0ebe32c981bfa3db252cb5fc3bb1bf2e77
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.