CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23312 – net: usb: kaweth: validate USB endpoints
https://notcve.org/view.php?id=CVE-2026-23312
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: validate USB endpoints The kaweth driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not have the same urbs the driver will crash later on when it blindly accesses these endpoints. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23290 – net: usb: pegasus: validate USB endpoints
https://notcve.org/view.php?id=CVE-2026-23290
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: validate USB endpoints The pegasus driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not have the same urbs the driver will crash later on when it blindly accesses these endpoints. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23289 – IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()
https://notcve.org/view.php?id=CVE-2026-23289
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq() Fix a user triggerable leak on the system call failure path. • https://git.kernel.org/stable/c/ec34a922d243c3401a694450734e9effb2bafbfe •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23286 – atm: lec: fix null-ptr-deref in lec_arp_clear_vccs
https://notcve.org/view.php?id=CVE-2026-23286
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: atm: lec: fix null-ptr-deref in lec_arp_clear_vccs syzkaller reported a null-ptr-deref in lec_arp_clear_vccs(). This issue can be easily reproduced using the syzkaller reproducer. In the ATM LANE (LAN Emulation) module, the same atm_vcc can be shared by multiple lec_arp_table entries (e.g., via entry->vcc or entry->recv_vcc). When the underlying VCC is closed, lec_vcc_close() iterates over all ARP entries and calls lec_arp_clear_vccs() for ... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2026-31788 – xen/privcmd: restrict usage in unprivileged domU
https://notcve.org/view.php?id=CVE-2026-31788
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space processes. This is normally no problem, as access is usually limited to root and the hypervisor will deny any hypercalls affecting other domains. In case the guest is booted using secure boot, however, the privcmd driver would be enabling a root user process to modify e.g. kernel memory contents, thus breaking the sec... • https://git.kernel.org/stable/c/87a803edb2ded911cb587c53bff179d2a2ed2a28 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2026-23266 – fbdev: rivafb: fix divide error in nv3_arb()
https://notcve.org/view.php?id=CVE-2026-23266
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: fbdev: rivafb: fix divide error in nv3_arb() A userspace program can trigger the RIVA NV3 arbitration code by calling the FBIOPUT_VSCREENINFO ioctl on /dev/fb*. When doing so, the driver recomputes FIFO arbitration parameters in nv3_arb(), using state->mclk_khz (derived from the PRAMDAC MCLK PLL) as a divisor without validating it first. In a normal setup, state->mclk_khz is provided by the real hardware and is non-zero. However, an attacke... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2026-23255 – net: add proper RCU protection to /proc/net/ptype
https://notcve.org/view.php?id=CVE-2026-23255
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: net: add proper RCU protection to /proc/net/ptype Yin Fengwei reported an RCU stall in ptype_seq_show() and provided a patch. Real issue is that ptype_seq_next() and ptype_seq_show() violate RCU rules. ptype_seq_show() runs under rcu_read_lock(), and reads pt->dev to get device name without any barrier. At the same time, concurrent writers can remove a packet_type structure (which is correctly freed after an RCU grace period) and clear pt->... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23253 – media: dvb-core: fix wrong reinitialization of ringbuffer on reopen
https://notcve.org/view.php?id=CVE-2026-23253
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: fix wrong reinitialization of ringbuffer on reopen dvb_dvr_open() calls dvb_ringbuffer_init() when a new reader opens the DVR device. dvb_ringbuffer_init() calls init_waitqueue_head(), which reinitializes the waitqueue list head to empty. Since dmxdev->dvr_buffer.queue is a shared waitqueue (all opens of the same DVR device share it), this orphans any existing waitqueue entries from io_uring poll or epoll, leaving them with... • https://git.kernel.org/stable/c/34731df288a5ffe4b0c396caf8cd24c6a710a222 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23238 – romfs: check sb_set_blocksize() return value
https://notcve.org/view.php?id=CVE-2026-23238
04 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: romfs: check sb_set_blocksize() return value romfs_fill_super() ignores the return value of sb_set_blocksize(), which can fail if the requested block size is incompatible with the block device's configuration. This can be triggered by setting a loop device's block size larger than PAGE_SIZE using ioctl(LOOP_SET_BLOCK_SIZE, 32768), then mounting a romfs filesystem on that device. When sb_set_blocksize(sb, ROMBSIZE) is called with ROMBSIZE=40... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23212 – bonding: annotate data-races around slave->last_rx
https://notcve.org/view.php?id=CVE-2026-23212
18 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: bonding: annotate data-races around slave->last_rx slave->last_rx and slave->target_last_arp_rx[...] can be read and written locklessly. Add READ_ONCE() and WRITE_ONCE() annotations. syzbot reported: BUG: KCSAN: data-race in bond_rcv_validate / bond_rcv_validate write to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 1: bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335 bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bon... • https://git.kernel.org/stable/c/f5b2b966f032f22d3a289045a5afd4afa09f09c6 •