CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23264 – Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem"
https://notcve.org/view.php?id=CVE-2026-23264
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" This reverts commit 7294863a6f01248d72b61d38478978d638641bee. This commit was erroneously applied again after commit 0ab5d711ec74 ("drm/amd: Refactor `amdgpu_aspm` to be evaluated per device") removed it, leading to very hard to debug crashes, when used with a system with two AMD GPUs of which only one supports ASPM. (cherry picked from commit 97a9689300eb2b393ba5efc17c8e5db8359... • https://git.kernel.org/stable/c/0ab5d711ec74d9e60673900974806b7688857947 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23262 – gve: Fix stats report corruption on queue count change
https://notcve.org/view.php?id=CVE-2026-23262
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruption on queue count change The driver and the NIC share a region in memory for stats reporting. The NIC calculates its offset into this region based on the total size of the stats region and the size of the NIC's stats. When the number of queues is changed, the driver's stats region is resized. If the queue count is increased, the NIC can write past the end of the allocated stats region, causing memory corruption... • https://git.kernel.org/stable/c/24aeb56f2d38edf1b324bdb4f8bc6faf9f0f540c •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23258 – net: liquidio: Initialize netdev pointer before queue setup
https://notcve.org/view.php?id=CVE-2026-23258
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setup_nic_devices(), the netdev is allocated using alloc_etherdev_mq(). However, the pointer to this structure is stored in oct->props[i].netdev only after the calls to netif_set_real_num_rx_queues() and netif_set_real_num_tx_queues(). If either of these functions fails, setup_nic_devices() returns an error without freeing the allocated netdev. Since oct->props[i].netdev is stil... • https://git.kernel.org/stable/c/c33c997346c34ea7b89aec99524ad9632a2f1e0c •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23257 – net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup
https://notcve.org/view.php?id=CVE-2026-23257
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The current cleanup loop while(i--) skip the failing index i, causing a memory leak. Fix this by changing the loop to iterate from the current index i down to 0. Also, decrement i in the devlink_alloc failure path to point to the last successfully allocated index. Compile tes... • https://git.kernel.org/stable/c/f21fb3ed364bb83533c5efe19354e337ea9ecda9 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23256 – net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup
https://notcve.org/view.php?id=CVE-2026-23256
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The current cleanup loop while(i--) skip the failing index i, causing a memory leak. Fix this by changing the loop to iterate from the current index i down to 0. Compile tested only. Issue found using code review. • https://git.kernel.org/stable/c/846b46873eeb3baf40f7e6d8fe8f98aec95e7727 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23255 – net: add proper RCU protection to /proc/net/ptype
https://notcve.org/view.php?id=CVE-2026-23255
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: net: add proper RCU protection to /proc/net/ptype Yin Fengwei reported an RCU stall in ptype_seq_show() and provided a patch. Real issue is that ptype_seq_next() and ptype_seq_show() violate RCU rules. ptype_seq_show() runs under rcu_read_lock(), and reads pt->dev to get device name without any barrier. At the same time, concurrent writers can remove a packet_type structure (which is correctly freed after an RCU grace period) and clear pt->... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2025-71269 – btrfs: do not free data reservation in fallback from inline due to -ENOSPC
https://notcve.org/view.php?id=CVE-2025-71269
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not free data reservation in fallback from inline due to -ENOSPC If we fail to create an inline extent due to -ENOSPC, we will attempt to go through the normal COW path, reserve an extent, create an ordered extent, etc. However we were always freeing the reserved qgroup data, which is wrong since we will use data. Fix this by freeing the reserved qgroup data in __cow_file_range_inline() only if we are not doing the fallback (ret i... • https://git.kernel.org/stable/c/94ed938aba557aa798acf496f09afb289b619fcd •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-71268 – btrfs: fix reservation leak in some error paths when inserting inline extent
https://notcve.org/view.php?id=CVE-2025-71268
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent If we fail to allocate a path or join a transaction, we return from __cow_file_range_inline() without freeing the reserved qgroup data, resulting in a leak. Fix this by ensuring we call btrfs_qgroup_free_data() in such cases. En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: btrfs: corrige una fuga de reserva en algunas rutas de error al insertar... • https://git.kernel.org/stable/c/94ed938aba557aa798acf496f09afb289b619fcd •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23253 – media: dvb-core: fix wrong reinitialization of ringbuffer on reopen
https://notcve.org/view.php?id=CVE-2026-23253
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: fix wrong reinitialization of ringbuffer on reopen dvb_dvr_open() calls dvb_ringbuffer_init() when a new reader opens the DVR device. dvb_ringbuffer_init() calls init_waitqueue_head(), which reinitializes the waitqueue list head to empty. Since dmxdev->dvr_buffer.queue is a shared waitqueue (all opens of the same DVR device share it), this orphans any existing waitqueue entries from io_uring poll or epoll, leaving them with... • https://git.kernel.org/stable/c/34731df288a5ffe4b0c396caf8cd24c6a710a222 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23247 – tcp: secure_seq: add back ports to TS offset
https://notcve.org/view.php?id=CVE-2026-23247
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: tcp: secure_seq: add back ports to TS offset This reverts 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets") tcp_tw_recycle went away in 2017. Zhouyan Deng reported off-path TCP source port leakage via SYN cookie side-channel that can be fixed in multiple ways. One of them is to bring back TCP ports in TS offset randomization. As a bonus, we perform a single siphash() computation to provide both an ISN and a TS offset. En ... • https://git.kernel.org/stable/c/28ee1b746f493b7c62347d714f58fbf4f70df4f0 •