CVSS: - • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2026-23094 – uacce: fix isolate sysfs check condition
https://notcve.org/view.php?id=CVE-2026-23094
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: uacce: fix isolate sysfs check condition uacce supports the device isolation feature. If the driver implements the isolate_err_threshold_read and isolate_err_threshold_write callback functions, uacce will create sysfs files now. Users can read and configure the isolation policy through sysfs. Currently, sysfs files are created as long as either isolate_err_threshold_read or isolate_err_threshold_write callback functions are present. However... • https://git.kernel.org/stable/c/e3e289fbc0b520cf469469e8cdba84a50424eb65 •
CVSS: - • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2026-23093 – ksmbd: smbd: fix dma_unmap_sg() nents
https://notcve.org/view.php?id=CVE-2026-23093
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbd: fix dma_unmap_sg() nents The dma_unmap_sg() functions should be called with the same nents as the dma_map_sg(), not the value the map function returned. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the oldstable distribution (bookworm), these problems have been fixed in version 6.1.162-1. • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •
CVSS: - • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2026-23091 – intel_th: fix device leak on output open()
https://notcve.org/view.php?id=CVE-2026-23091
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: intel_th: fix device leak on output open() Make sure to drop the reference taken when looking up the th device during output device open() on errors and on close(). Note that a recent commit fixed the leak in a couple of open() error paths but not all of them, and the reference is still leaking on successful open(). Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or... • https://git.kernel.org/stable/c/39f4034693b7c7bd1fe4cb58c93259d600f55561 •
CVSS: - • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2026-23090 – slimbus: core: fix device reference leak on report present
https://notcve.org/view.php?id=CVE-2026-23090
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: slimbus: core: fix device reference leak on report present Slimbus devices can be allocated dynamically upon reception of report-present messages. Make sure to drop the reference taken when looking up already registered devices. Note that this requires taking an extra reference in case the device has not yet been registered and has to be allocated. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege... • https://git.kernel.org/stable/c/46a2bb5a7f7ea2728be50f8f5b29a20267f700fe •
CVSS: - • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2026-23089 – ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
https://notcve.org/view.php?id=CVE-2026-23089
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() When snd_usb_create_mixer() fails, snd_usb_mixer_free() frees mixer->id_elems but the controls already added to the card still reference the freed memory. Later when snd_card_register() runs, the OSS mixer layer calls their callbacks and hits a use-after-free read. Call trace: get_ctl_value+0x63f/0x820 sound/usb/mixer.c:411 get_min_max_with_quirks.isra.0+0x240/0x1f40 sound/usb/mixe... • https://git.kernel.org/stable/c/6639b6c2367f884ca172b78d69f7da17bfab2e5e •
CVSS: - • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2026-23088 – tracing: Fix crash on synthetic stacktrace field usage
https://notcve.org/view.php?id=CVE-2026-23088
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix crash on synthetic stacktrace field usage When creating a synthetic event based on an existing synthetic event that had a stacktrace field and the new synthetic event used that field a kernel crash occurred:
  ~# cd /sys/kernel/tracing
  ~# echo 's:stack unsigned long stack[];' > dynamic_events
  ~# echo 'hist:keys=prev_pid:s0=common_stacktrace if prev_state & 3' >> events/sched/sched_switch/trigger
  ~# echo 'hist:keys=next_pid:s1=$s0...
• https://git.kernel.org/stable/c/00cf3d672a9dd409418647e9f98784c339c3ff63 •
CVSS: - • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2026-23087 – scsi: xen: scsiback: Fix potential memory leak in scsiback_remove()
https://notcve.org/view.php?id=CVE-2026-23087
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: scsi: xen: scsiback: Fix potential memory leak in scsiback_remove() Memory allocated for struct vscsiblk_info in scsiback_probe() is not freed in scsiback_remove() leading to potential memory leaks on remove, as well as in the scsiback_probe() error paths. Fix that by freeing it in scsiback_remove(). Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information lea... • https://git.kernel.org/stable/c/d9d660f6e562a47b4065eeb7e538910b0471b988 •
CVSS: - • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2026-23086 – vsock/virtio: cap TX credit to local buffer size
https://notcve.org/view.php?id=CVE-2026-23086
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: cap TX credit to local buffer size The virtio transport derives its TX credit directly from peer_buf_alloc, which is set from the remote endpoint's SO_VM_SOCKETS_BUFFER_SIZE value. On the host side this means that the amount of data we are willing to queue for a connection is scaled by a guest-chosen buffer size, rather than the host's own vsock configuration. A malicious guest can advertise a large buffer and read slowly, ca... • https://git.kernel.org/stable/c/06a8fc78367d070720af960dcecec917d3ae5f3b •
CVSS: - • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2026-23085 – irqchip/gic-v3-its: Avoid truncating memory addresses
https://notcve.org/view.php?id=CVE-2026-23085
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Avoid truncating memory addresses On 32-bit machines with CONFIG_ARM_LPAE, it is possible for lowmem allocations to be backed by physical memory addresses above the 32-bit address limit, as found while experimenting with larger VMSPLIT configurations. This caused the qemu virt model to crash in the GICv3 driver, which allocates the 'itt' object using GFP_KERNEL. Since all memory below the 4GB physical address limit is in... • https://git.kernel.org/stable/c/cc2d3216f53c9fff0030eb71cacc4ce5f39d1d7e •
CVSS: - • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2026-23084 – be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list
https://notcve.org/view.php?id=CVE-2026-23084
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list When the parameter pmac_id_valid argument of be_cmd_get_mac_from_list() is set to false, the driver may request the PMAC_ID from the firmware of the network card, and this function will store that PMAC_ID at the provided address pmac_id. This is the contract of this function. However, there is a location within the driver where both pmac_id_valid == false and pmac_id == NULL a... • https://git.kernel.org/stable/c/95046b927a54f461766f83a212c6a93bc5fd2e67 •
