CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23014 – perf: Ensure swevent hrtimer is properly destroyed
https://notcve.org/view.php?id=CVE-2026-23014
28 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: perf: Ensure swevent hrtimer is properly destroyed With the change to hrtimer_try_to_cancel() in perf_swevent_cancel_hrtimer() it appears possible for the hrtimer to still be active by the time the event gets freed. In the Linux kernel, the following vulnerability has been resolved: perf: Ensure swevent hrtimer is properly destroyed With the change to hrtimer_try_to_cancel() in perf_swevent_cancel_hrtimer() it appears possible... • https://git.kernel.org/stable/c/eb3182ef0405ff2f6668fd3e5ff9883f60ce8801 •
CVSS: 8.7EPSS: 0%CPEs: -EXPL: 0CVE-2026-24813 – A null pointer dereference in abcz316/SKRoot-linuxKernelRoot
https://notcve.org/view.php?id=CVE-2026-24813
27 Jan 2026 — NULL Pointer Dereference vulnerability in abcz316 SKRoot-linuxKernelRoot (testRoot/jni/utils modules). This vulnerability is associated with program files cJSON.Cpp. This issue affects SKRoot-linuxKernelRoot. • https://github.com/abcz316/SKRoot-linuxKernelRoot/pull/116 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2026-1418 – GPAC SRT Subtitle Import text_to_bifs.c gf_text_import_srt_bifs out-of-bounds write
https://notcve.org/view.php?id=CVE-2026-1418
26 Jan 2026 — A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Such manipulation leads to out-of-bounds write. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. • https://github.com/enocknt/gpac/commit/10c73b82cf0e367383d091db38566a0e4fe71772 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2026-1417 – GPAC filedump.c dump_isom_rtp null pointer dereference
https://notcve.org/view.php?id=CVE-2026-1417
26 Jan 2026 — A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. • https://github.com/enocknt/gpac/commit/f96bd57c3ccdcde4335a0be28cd3e8fe296993de • CWE-404: Improper Resource Shutdown or Release CWE-476: NULL Pointer Dereference •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2026-1416 – GPAC filedump.c DumpMovieInfo null pointer dereference
https://notcve.org/view.php?id=CVE-2026-1416
26 Jan 2026 — A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. • https://github.com/enocknt/gpac/commit/d45c264c20addf0c1cc05124ede33f8ffa800e68 • CWE-404: Improper Resource Shutdown or Release CWE-476: NULL Pointer Dereference •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2026-1415 – GPAC media_export.c gf_media_export_webvtt_metadata null pointer dereference
https://notcve.org/view.php?id=CVE-2026-1415
26 Jan 2026 — A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and might be used. • https://github.com/enocknt/gpac/commit/af951b892dfbaaa38336ba2eba6d6a42c25810fd • CWE-404: Improper Resource Shutdown or Release CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23013 – net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback
https://notcve.org/view.php?id=CVE-2026-23013
25 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback octep_vf_request_irqs() requests MSI-X queue IRQs with dev_id set to ioq_vector. ... In the Linux kernel, the following vulnerability has been resolved: net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback octep_vf_request_irqs() requests MSI-X queue IRQs with dev_id set to ioq_vector. • https://git.kernel.org/stable/c/1cd3b407977c3ab1d2ddc26cb7113e7fb1509cd1 •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2026-23012 – mm/damon/core: remove call_control in inactive contexts
https://notcve.org/view.php?id=CVE-2026-23012
25 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove call_control in inactive contexts If damon_call() is executed against a DAMON context that is not running, the function returns error while keeping the damon_call_control object linked to the context's call_controls list. In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove call_control in inactive contexts If damon_call() is executed against a DAMON context that is no... • https://git.kernel.org/stable/c/004ded6bee11b8ed463cdc54b89a4390f4b64f6d •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23011 – ipv4: ip_gre: make ipgre_header() robust
https://notcve.org/view.php?id=CVE-2026-23011
25 Jan 2026 — Oops: invalid opcode: 0000 [#1] SMP KASAN PTI CPU: 1 UID: 0 PID: 1322 Comm: kworker/1:9 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 Workqueue: mld mld_ifc_work RIP: 0010:skb_panic+0x157/0x160 net/core/skbuff.c:213 Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23010 – ipv6: Fix use-after-free in inet6_addr_del().
https://notcve.org/view.php?id=CVE-2026-23010
25 Jan 2026 — [0]: BUG: KASAN: slab-use-after-free in inet6_addr_del.constprop.0+0x67a/0x6b0 net/ipv6/addrconf.c:3117 Read of size 4 at addr ffff88807b89c86c by task syz.3.1618/9593 CPU: 0 UID: 0 PID: 9593 Comm: syz.3.1618 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 Call Trace: