Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Fix crash when freeing invalid crypto compressor When crypto_alloc_acomp() fails, it returns an ERR_PTR value, not NULL. The cleanup code in save_compressed_image() and load_compressed_image() unconditionally calls crypto_free_acomp() without checking for ERR_PTR, which causes crypto_acomp_tfm() to dereference an invalid pointer and crash the kernel. This can be triggered when the compression algorithm is unavailable (e.g., CONFIG_CRYPTO_LZO not enabled). Fix by adding IS_ERR_OR_NULL() checks before calling crypto_free_acomp() and acomp_request_free(), similar to the existing kthread_stop() check. [ rjw: Added 2 empty code lines ]
References
- https://git.kernel.org/stable/c/7966cf0ebe32c981bfa3db252cb5fc3bb1bf2e77
- https://git.kernel.org/stable/c/b7a883b0135dbc6817e90a829421c9fc8cd94bad
FAQ
What is CVE-2026-23044?
CVE-2026-23044 is a documented vulnerability. In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Fix crash when freeing invalid crypto compressor When crypto_alloc_acomp() fails, it returns an ERR_PTR value, not ...
How severe is CVE-2026-23044?
CVSS scoring is not yet available for CVE-2026-23044. Check NVD for updates.
Is there a patch for CVE-2026-23044?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.