CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23124 – ipv6: annotate data-race in ndisc_router_discovery()
https://notcve.org/view.php?id=CVE-2026-23124
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ipv6: annotate data-race in ndisc_router_discovery() syzbot found that ndisc_router_discovery() could read and write in6_dev->ra_mtu without holding a lock [1] This looks fine, IFLA_INET6_RA_MTU is best effort. Add READ_ONCE()/WRITE_ONCE() to document the race. Note that we might also reject illegal MTU values (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) in a future patch. [1] BUG: KCSAN: data-race in ndisc_router_discovery / ndisc_router_di... • https://git.kernel.org/stable/c/49b99da2c9ce13ffcd93fe3a0f5670791c1d76f7 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23123 – interconnect: debugfs: initialize src_node and dst_node to empty strings
https://notcve.org/view.php?id=CVE-2026-23123
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: interconnect: debugfs: initialize src_node and dst_node to empty strings The debugfs_create_str() API assumes that the string pointer is either NULL or points to valid kmalloc() memory. Leaving the pointer uninitialized can cause problems. Initialize src_node and dst_node to empty strings before creating the debugfs entries to guarantee that reads and writes are safe. In the Linux kernel, the following vulnerability has been resolved: inter... • https://git.kernel.org/stable/c/770c69f037c18cfaa37c3d6c6ef8bd257635513f •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23121 – mISDN: annotate data-race around dev->work
https://notcve.org/view.php?id=CVE-2026-23121
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: mISDN: annotate data-race around dev->work dev->work can re read locklessly in mISDN_read() and mISDN_poll(). Add READ_ONCE()/WRITE_ONCE() annotations. BUG: KCSAN: data-race in mISDN_ioctl / mISDN_read write to 0xffff88812d848280 of 4 bytes by task 10864 on cpu 1: misdn_add_timer drivers/isdn/mISDN/timerdev.c:175 [inline] mISDN_ioctl+0x2fb/0x550 drivers/isdn/mISDN/timerdev.c:233 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:597... • https://git.kernel.org/stable/c/1b2b03f8e514e4f68e293846ba511a948b80243c •
CVSS: 6.9EPSS: 0%CPEs: 9EXPL: 0CVE-2026-23120 – l2tp: avoid one data-race in l2tp_tunnel_del_work()
https://notcve.org/view.php?id=CVE-2026-23120
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: l2tp: avoid one data-race in l2tp_tunnel_del_work() We should read sk->sk_socket only when dealing with kernel sockets. syzbot reported the following data-race: BUG: KCSAN: data-race in l2tp_tunnel_del_work / sk_common_release write to 0xffff88811c182b20 of 8 bytes by task 5365 on cpu 0: sk_set_socket include/net/sock.h:2092 [inline] sock_orphan include/net/sock.h:2118 [inline] sk_common_release+0xae/0x230 net/core/sock.c:4003 udp_lib_close... • https://git.kernel.org/stable/c/d00fa9adc528c1b0e64d532556764852df8bd7b9 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23119 – bonding: provide a net pointer to __skb_flow_dissect()
https://notcve.org/view.php?id=CVE-2026-23119
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: bonding: provide a net pointer to __skb_flow_dissect() After 3cbf4ffba5ee ("net: plumb network namespace into __skb_flow_dissect") we have to provide a net pointer to __skb_flow_dissect(), either via skb->dev, skb->sk, or a user provided pointer. In the following case, syzbot was able to cook a bare skb. WARNING: net/core/flow_dissector.c:1131 at __skb_flow_dissect+0xb57/0x68b0 net/core/flow_dissector.c:1131, CPU#1: syz.2.1418/11053 Call Tr... • https://git.kernel.org/stable/c/58deb77cc52da9360d20676e68dd215742cbe473 •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23118 – rxrpc: Fix data-race warning and potential load/store tearing
https://notcve.org/view.php?id=CVE-2026-23118
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix data-race warning and potential load/store tearing Fix the following: BUG: KCSAN: data-race in rxrpc_peer_keepalive_worker / rxrpc_send_data_packet which is reporting an issue with the reads and writes to ->last_tx_at in: conn->peer->last_tx_at = ktime_get_seconds(); and: keepalive_at = peer->last_tx_at + RXRPC_KEEPALIVE_TIME; The lockless accesses to these to values aren't actually a problem as the read only needs an approximate... • https://git.kernel.org/stable/c/ace45bec6d77bc061c3c3d8ad99e298ea9800c2b •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23116 – pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu
https://notcve.org/view.php?id=CVE-2026-23116
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu For i.MX8MQ platform, the ADB in the VPUMIX domain has no separate reset and clock enable bits, but is ungated and reset together with the VPUs. So we can't reset G1 or G2 separately, it may led to the system hang. Remove rst_mask and clk_mask of imx8mq_vpu_blk_ctl_domain_data. Let imx8mq_vpu_power_notifier() do really vpu reset. In the Linux kernel, the following vulner... • https://git.kernel.org/stable/c/608d7c325e855cb4a853afef3cd9f0df594bd12d •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23113 – io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop
https://notcve.org/view.php?id=CVE-2026-23113
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop Currently this is checked before running the pending work. Normally this is quite fine, as work items either end up blocking (which will create a new worker for other items), or they complete fairly quickly. But syzbot reports an issue where io-wq takes seemingly forever to exit, and with a bit of debugging, this turns out to be because it queues a bunch of big (2GB - 4096b) reads wi... • https://git.kernel.org/stable/c/c60eb049f4a19ddddcd3ee97a9c79ab8066a6a03 •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2025-71200 – mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode
https://notcve.org/view.php?id=CVE-2025-71200
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode When operating in HS200 or HS400 timing modes, reducing the clock frequency below 52MHz will lead to link broken as the Rockchip DWC MSHC controller requires maintaining a minimum clock of 52MHz in these modes. Add a check to prevent illegal clock reduction through debugfs: root@debian:/# echo 50000000 > /sys/kernel/debug/mmc0/clock root@debian:/# [ 30.090146] mmc0: ... • https://git.kernel.org/stable/c/c6f361cba51c536e7a6af31973c6a4e5d7e4e2e4 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23112 – nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
https://notcve.org/view.php?id=CVE-2026-23112
13 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU length or offset exceeds sg_cnt and then use bogus sg->length/offset values, leading to _copy_to_iter() GPF/KASAN. Guard sg_idx, remaining entries, and sg->length/offset before building the bvec. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service... • https://git.kernel.org/stable/c/872d26a391da92ed8f0c0f5cb5fef428067b7f30 •