2439868 – (CVE-2026-23138) CVE-2026-23138 kernel: tracing: Add recursion protection in kernel stack trace recording

Bug 2439868 (CVE-2026-23138) - CVE-2026-23138 kernel: tracing: Add recursion protection in kernel stack trace recording

Summary: CVE-2026-23138 kernel: tracing: Add recursion protection in kernel stack trac...

Keywords:
Status:	NEW
Alias:	CVE-2026-23138
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-02-14 16:02 UTC by OSIDB Bzimport
Modified:	2026-02-19 18:44 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-02-14 16:02:32 UTC

In the Linux kernel, the following vulnerability has been resolved:

tracing: Add recursion protection in kernel stack trace recording

A bug was reported about an infinite recursion caused by tracing the rcu
events with the kernel stack trace trigger enabled. The stack trace code
called back into RCU which then called the stack trace again.

Expand the ftrace recursion protection to add a set of bits to protect
events from recursion. Each bit represents the context that the event is
in (normal, softirq, interrupt and NMI).

Have the stack trace code use the interrupt context to protect against
recursion.

Note, the bug showed an issue in both the RCU code as well as the tracing
stacktrace code. This only handles the tracing stack trace side of the
bug. The RCU fix will be handled separately.

Comment 1 Alexander B 2026-02-16 12:42:13 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026021429-CVE-2026-23138-9853@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.