CVSS: 5.6EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23176 – platform/x86: toshiba_haps: Fix memory leaks in add/remove routines
https://notcve.org/view.php?id=CVE-2026-23176
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshiba_haps: Fix memory leaks in add/remove routines toshiba_haps_add() leaks the haps object allocated by it if it returns an error after allocating that object successfully. toshiba_haps_remove() does not free the object pointed to by toshiba_haps before clearing that pointer, so it becomes unreachable allocated memory. Address these memory leaks by using devm_kzalloc() for allocating the memory in question. In the Linux ke... • https://git.kernel.org/stable/c/23d0ba0c908ac10139f0351023c64198d7fc1409 •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2025-71224 – wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
https://notcve.org/view.php?id=CVE-2025-71224
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: ocb: skip rx_no_sta when interface is not joined ieee80211_ocb_rx_no_sta() assumes a valid channel context, which is only present after JOIN_OCB. RX may run before JOIN_OCB is executed, in which case the OCB interface is not operational. Skip RX peer handling when the interface is not joined to avoid warnings in the RX path. In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: ocb: skip rx_no_s... • https://git.kernel.org/stable/c/239281f803e2efdb77d906ef296086b6917e5d71 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-71222 – wifi: wlcore: ensure skb headroom before skb_push
https://notcve.org/view.php?id=CVE-2025-71222
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: ensure skb headroom before skb_push This avoids occasional skb_under_panic Oops from wl1271_tx_work. In this case, headroom is less than needed (typically 110 - 94 = 16 bytes). In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: ensure skb headroom before skb_push This avoids occasional skb_under_panic Oops from wl1271_tx_work. In this case, headroom is less than needed (typically 110 - 94 = 16 by... • https://git.kernel.org/stable/c/f5fc0f86b02afef1119b523623b4cde41475bc8c •
CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2025-71221 – dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue()
https://notcve.org/view.php?id=CVE-2025-71221
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue() Add proper locking in mmp_pdma_residue() to prevent use-after-free when accessing descriptor list and descriptor contents. The race occurs when multiple threads call tx_status() while the tasklet on another CPU is freeing completed descriptors: CPU 0 CPU 1 ----- ----- mmp_pdma_tx_status() mmp_pdma_residue() -> NO LOCK held list_for_each_entry(sw, ..) DMA interrupt dma_do_tasklet(... • https://git.kernel.org/stable/c/1b38da264674d6a0fe26a63996b8f88b88c3da48 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23170 – drm/imx/tve: fix probe device leak
https://notcve.org/view.php?id=CVE-2026-23170
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/imx/tve: fix probe device leak Make sure to drop the reference taken to the DDC device during probe on probe failure (e.g. probe deferral) and on driver unbind. In the Linux kernel, the following vulnerability has been resolved: drm/imx/tve: fix probe device leak Make sure to drop the reference taken to the DDC device during probe on probe failure (e.g. probe deferral) and on driver unbind. • https://git.kernel.org/stable/c/fcbc51e54d2aa9d402206601f4894251049e5d77 •
CVSS: 6.3EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23167 – nfc: nci: Fix race between rfkill and nci_unregister_device().
https://notcve.org/view.php?id=CVE-2026-23167
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix race between rfkill and nci_unregister_device(). syzbot reported the splat below [0] without a repro. It indicates that struct nci_dev.cmd_wq had been destroyed before nci_close_device() was called via rfkill. nci_dev.cmd_wq is only destroyed in nci_unregister_device(), which (I think) was called from virtual_ncidev_close() when syzbot close()d an fd of virtual_ncidev. The problem is that nci_unregister_device() destroys nci_d... • https://git.kernel.org/stable/c/6a2968aaf50c7a22fced77a5e24aa636281efca8 •
CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23157 – btrfs: do not strictly require dirty metadata threshold for metadata writepages
https://notcve.org/view.php?id=CVE-2026-23157
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not strictly require dirty metadata threshold for metadata writepages [BUG] There is an internal report that over 1000 processes are waiting at the io_schedule_timeout() of balance_dirty_pages(), causing a system hang and trigger a kernel coredump. The kernel is v6.4 kernel based, but the root problem still applies to any upstream kernel before v6.18. [CAUSE] From Jan Kara for his wisdom on the dirty page balance behavior first. T... • https://git.kernel.org/stable/c/793955bca66c99defdffc857ae6eb7e8431d6bbe •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23150 – nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame().
https://notcve.org/view.php?id=CVE-2026-23150
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame(). syzbot reported various memory leaks related to NFC, struct nfc_llcp_sock, sk_buff, nfc_dev, etc. [0] The leading log hinted that nfc_llcp_send_ui_frame() failed to allocate skb due to sock_error(sk) being -ENXIO. ENXIO is set by nfc_llcp_socket_release() when struct nfc_llcp_local is destroyed by local_cleanup(). The problem is that there is no synchronisation between nfc_llcp_send_ui_fra... • https://git.kernel.org/stable/c/94f418a206648c9be6fd84d6681d6956b8f8b106 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2026-23137 – of: unittest: Fix memory leak in unittest_data_add()
https://notcve.org/view.php?id=CVE-2026-23137
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: of: unittest: Fix memory leak in unittest_data_add() In unittest_data_add(), if of_resolve_phandles() fails, the allocated unittest_data is not freed, leading to a memory leak. Fix this by using scope-based cleanup helper __free(kfree) for automatic resource cleanup. This ensures unittest_data is automatically freed when it goes out of scope in error paths. For the success path, use retain_and_null_ptr() to transfer ownership of the memory ... • https://git.kernel.org/stable/c/2eb46da2a760e5764c48b752a5ef320e02b96b21 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23125 – sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT
https://notcve.org/view.php?id=CVE-2026-23125
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT A null-ptr-deref was reported in the SCTP transmit path when SCTP-AUTH key initialization fails: ================================================================== KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] CPU: 0 PID: 16 Comm: ksoftirqd/0 Tainted: G W 6.6.0 #2 RIP: 0010:sctp_packet_bundle_auth net/sctp/output.c:264 [inline] RIP: 0010:sctp_packet_appe... • https://git.kernel.org/stable/c/730fc3d05cd4ba4c9ce2de91f3d43349e95dbbf5 •