FKIE_CVE-2026-23052

Vulnerability from fkie_nvd - Published: 2026-02-04 17:16 - Updated: 2026-02-05 14:57
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not over-allocate ftrace memory The pg_remaining calculation in ftrace_process_locs() assumes that ENTRIES_PER_PAGE multiplied by 2^order equals the actual capacity of the allocated page group. However, ENTRIES_PER_PAGE is PAGE_SIZE / ENTRY_SIZE (integer division). When PAGE_SIZE is not a multiple of ENTRY_SIZE (e.g. 4096 / 24 = 170 with remainder 16), high-order allocations (like 256 pages) have significantly more capacity than 256 * 170. This leads to pg_remaining being underestimated, which in turn makes skip (derived from skipped - pg_remaining) larger than expected, causing the WARN(skip != remaining) to trigger. Extra allocated pages for ftrace: 2 with 654 skipped WARNING: CPU: 0 PID: 0 at kernel/trace/ftrace.c:7295 ftrace_process_locs+0x5bf/0x5e0 A similar problem in ftrace_allocate_records() can result in allocating too many pages. This can trigger the second warning in ftrace_process_locs(). Extra allocated pages for ftrace WARNING: CPU: 0 PID: 0 at kernel/trace/ftrace.c:7276 ftrace_process_locs+0x548/0x580 Use the actual capacity of a page group to determine the number of pages to allocate. Have ftrace_allocate_pages() return the number of allocated pages to avoid having to calculate it. Use the actual page group capacity when validating the number of unused pages due to skipped entries. Drop the definition of ENTRIES_PER_PAGE since it is no longer used.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9aef476717994e96dadfb359641c4b82b521aa36
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/be55257fab181b93af38f8c4b1b3cb453a78d742
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Do not over-allocate ftrace memory\n\nThe pg_remaining calculation in ftrace_process_locs() assumes that\nENTRIES_PER_PAGE multiplied by 2^order equals the actual capacity of the\nallocated page group. However, ENTRIES_PER_PAGE is PAGE_SIZE / ENTRY_SIZE\n(integer division). When PAGE_SIZE is not a multiple of ENTRY_SIZE (e.g.\n4096 / 24 = 170 with remainder 16), high-order allocations (like 256 pages)\nhave significantly more capacity than 256 * 170. This leads to pg_remaining\nbeing underestimated, which in turn makes skip (derived from skipped -\npg_remaining) larger than expected, causing the WARN(skip != remaining)\nto trigger.\n\nExtra allocated pages for ftrace: 2 with 654 skipped\nWARNING: CPU: 0 PID: 0 at kernel/trace/ftrace.c:7295 ftrace_process_locs+0x5bf/0x5e0\n\nA similar problem in ftrace_allocate_records() can result in allocating\ntoo many pages. This can trigger the second warning in\nftrace_process_locs().\n\nExtra allocated pages for ftrace\nWARNING: CPU: 0 PID: 0 at kernel/trace/ftrace.c:7276 ftrace_process_locs+0x548/0x580\n\nUse the actual capacity of a page group to determine the number of pages\nto allocate. Have ftrace_allocate_pages() return the number of allocated\npages to avoid having to calculate it. Use the actual page group capacity\nwhen validating the number of unused pages due to skipped entries.\nDrop the definition of ENTRIES_PER_PAGE since it is no longer used."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nftrace: No sobreasignar memoria de ftrace\n\nEl c\u00e1lculo de pg_remaining en ftrace_process_locs() asume que ENTRIES_PER_PAGE multiplicado por 2^order es igual a la capacidad real del grupo de p\u00e1ginas asignado. Sin embargo, ENTRIES_PER_PAGE es PAGE_SIZE / ENTRY_SIZE (divisi\u00f3n entera). Cuando PAGE_SIZE no es un m\u00faltiplo de ENTRY_SIZE (por ejemplo, 4096 / 24 = 170 con resto 16), las asignaciones de orden superior (como 256 p\u00e1ginas) tienen significativamente m\u00e1s capacidad que 256 * 170. Esto lleva a que pg_remaining sea subestimado, lo que a su vez hace que skip (derivado de skipped - pg_remaining) sea mayor de lo esperado, lo que provoca que se active el WARN(skip != remaining).\n\nP\u00e1ginas extra asignadas para ftrace: 2 con 654 omitidas\nADVERTENCIA: CPU: 0 PID: 0 en kernel/trace/ftrace.c:7295 ftrace_process_locs+0x5bf/0x5e0\n\nUn problema similar en ftrace_allocate_records() puede resultar en la asignaci\u00f3n de demasiadas p\u00e1ginas. Esto puede activar la segunda advertencia en ftrace_process_locs().\n\nP\u00e1ginas extra asignadas para ftrace\nADVERTENCIA: CPU: 0 PID: 0 en kernel/trace/ftrace.c:7276 ftrace_process_locs+0x548/0x580\n\nUtilice la capacidad real de un grupo de p\u00e1ginas para determinar el n\u00famero de p\u00e1ginas a asignar. Haga que ftrace_allocate_pages() devuelva el n\u00famero de p\u00e1ginas asignadas para evitar tener que calcularlo. Utilice la capacidad real del grupo de p\u00e1ginas al validar el n\u00famero de p\u00e1ginas no utilizadas debido a entradas omitidas. Elimine la definici\u00f3n de ENTRIES_PER_PAGE ya que ya no se utiliza."
    }
  ],
  "id": "CVE-2026-23052",
  "lastModified": "2026-02-05T14:57:20.563",
  "metrics": {},
  "published": "2026-02-04T17:16:15.867",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/9aef476717994e96dadfb359641c4b82b521aa36"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/be55257fab181b93af38f8c4b1b3cb453a78d742"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.