CVE-2026-23014

The CVE-2026-23014 issue concerns the Linux kernel perf subsystem, specifically the swevent hrtimer. The root cause is that after changing hrtimer_try_to_cancel() in perf_swevent_cancel_hrtimer(), the hrtimer could remain active when the event is freed. The fix adds a full hrtimer_cancel() on the...

CVE-2026-23014 perf: Ensure swevent hrtimer is properly destroyed

In the Linux kernel, the following vulnerability has been resolved: perf: Ensure swevent hrtimer is properly destroyed With the change to hrtimertrytocancel in perfsweventcancelhrtimer it appears possible for the hrtimer to still be active by the time the event gets freed. Make sure the event doe...

Linux Kernel Privilege Escalation Vulnerability

Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perfsweventenabled array in swperfeventdestroy. Explotation allows for privilege escalation...

VulnCheck KEV: CVE-2013-2094

Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perfsweventenabled array in swperfeventdestroy. Explotation allows for privilege escalation...