CVE-2026-23052
Description
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Do not over-allocate ftrace memory
The pg_remaining calculation in ftrace_process_locs() assumes that ENTRIES_PER_PAGE multiplied by 2^order equals the actual capacity of the allocated page group. However, ENTRIES_PER_PAGE is PAGE_SIZE / ENTRY_SIZE (integer division). When PAGE_SIZE is not a multiple of ENTRY_SIZE (e.g. 4096 / 24 = 170 with remainder 16), high-order allocations (like 256 pages) have significantly more capacity than 256 * 170. This leads to pg_remaining being underestimated, which in turn makes skip (derived from skipped - pg_remaining) larger than expected, causing the WARN(skip != remaining) to trigger.
Extra allocated pages for ftrace: 2 with 654 skipped WARNING: CPU: 0 PID: 0 at kernel/trace/ftrace.c:7295 ftrace_process_locs+0x5bf/0x5e0
A similar problem in ftrace_allocate_records() can result in allocating too many pages. This can trigger the second warning in ftrace_process_locs().
Extra allocated pages for ftrace WARNING: CPU: 0 PID: 0 at kernel/trace/ftrace.c:7276 ftrace_process_locs+0x548/0x580
Use the actual capacity of a page group to determine the number of pages to allocate. Have ftrace_allocate_pages() return the number of allocated pages to avoid having to calculate it. Use the actual page group capacity when validating the number of unused pages due to skipped entries. Drop the definition of ENTRIES_PER_PAGE since it is no longer used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel ftrace, miscalculated page capacity due to integer division leads to over-allocation and triggers WARN_ON().
Vulnerability
In the Linux kernel's ftrace subsystem, the functions ftrace_process_locs() and ftrace_allocate_records() contain a memory allocation flaw. The macro ENTRIES_PER_PAGE is computed as PAGE_SIZE / ENTRY_SIZE using integer division. When PAGE_SIZE is not a multiple of ENTRY_SIZE (e.g., 4096 / 24 = 170 with remainder 16), high-order page allocations (e.g., 256 pages) have more capacity than 256 * 170 entries. This causes pg_remaining to be underestimated, leading to incorrect skip values and triggering the WARN_ON at line 7295 in ftrace_process_locs().
Exploitation
This vulnerability is triggered during kernel initialization when ftrace processes record locations. No special privileges or authentication are required, as the bug manifests at boot time. An attacker would need to influence the kernel to load a specific set of ftrace records, but the primary risk is system instability or denial of service due to excessive memory allocation and warning messages.
Impact
The miscalculation results in allocating more memory than necessary (extra pages), and may cause kernel warnings such as "Extra allocated pages for ftrace: 2 with 654 skipped" or "Extra allocated pages for ftrace". While these warnings do not directly lead to code execution, they indicate a memory management error that could cascade into other issues if left unpatched.
Mitigation
A fix is available in the Linux kernel stable branch as commit [be55257fab181b93af38f8c4b1b3cb453a78d742][1]. The patch removes the ENTRIES_PER_PAGE macro and uses the actual page group capacity for allocation calculations. Users should apply the update to their kernel.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.