CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23071 – regmap: Fix race condition in hwspinlock irqsave routine
https://notcve.org/view.php?id=CVE-2026-23071
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: regmap: Fix race condition in hwspinlock irqsave routine Previously, the address of the shared member '&map->spinlock_flags' was passed directly to 'hwspin_lock_timeout_irqsave'. This creates a race condition where multiple contexts contending for the lock could overwrite the shared flags variable, potentially corrupting the state for the current lock owner. Fix this by using a local stack variable 'flags' to store the IRQ state temporarily... • https://git.kernel.org/stable/c/8698b9364710e7bac84b3af07dd410e39c8c2e08 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2026-23070 – Octeontx2-af: Add proper checks for fwdata
https://notcve.org/view.php?id=CVE-2026-23070
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: Octeontx2-af: Add proper checks for fwdata firmware populates MAC address, link modes (supported, advertised) and EEPROM data in shared firmware structure which kernel access via MAC block(CGX/RPM). Accessing fwdata, on boards booted with out MAC block leading to kernel panics. Internal error: Oops: 0000000096000005 [#1] SMP [ 10.460721] Modules linked in: [ 10.463779] CPU: 0 UID: 0 PID: 174 Comm: kworker/0:3 Not tainted 6.19.0-rc5-00154-g7... • https://git.kernel.org/stable/c/997814491cee7b19c162ad82439818e555f99ad9 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23069 – vsock/virtio: fix potential underflow in virtio_transport_get_credit()
https://notcve.org/view.php?id=CVE-2026-23069
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential underflow in virtio_transport_get_credit() The credit calculation in virtio_transport_get_credit() uses unsigned arithmetic: ret = vvs->peer_buf_alloc - (vvs->tx_cnt - vvs->peer_fwd_cnt); If the peer shrinks its advertised buffer (peer_buf_alloc) while bytes are in flight, the subtraction can underflow and produce a large positive value, potentially allowing more data to be queued than the peer can handle. Reuse ... • https://git.kernel.org/stable/c/06a8fc78367d070720af960dcecec917d3ae5f3b •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23068 – spi: spi-sprd-adi: Fix double free in probe error path
https://notcve.org/view.php?id=CVE-2026-23068
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: spi: spi-sprd-adi: Fix double free in probe error path The driver currently uses spi_alloc_host() to allocate the controller but registers it using devm_spi_register_controller(). If devm_register_restart_handler() fails, the code jumps to the put_ctlr label and calls spi_controller_put(). However, since the controller was registered via a devm function, the device core will automatically call spi_controller_put() again when the probe fails... • https://git.kernel.org/stable/c/ac1775012058e13ef1522938e27f5973d9e3f053 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2026-23066 – rxrpc: Fix recvmsg() unconditional requeue
https://notcve.org/view.php?id=CVE-2026-23066
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recvmsg() unconditional requeue If rxrpc_recvmsg() fails because MSG_DONTWAIT was specified but the call at the front of the recvmsg queue already has its mutex locked, it requeues the call - whether or not the call is already queued. The call may be on the queue because MSG_PEEK was also passed and so the call was not dequeued or because the I/O thread requeued it. The unconditional requeue may then corrupt the recvmsg queue, le... • https://git.kernel.org/stable/c/540b1c48c37ac0ad66212004db21e1ff7e2d78be •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23065 – platform/x86/amd: Fix memory leak in wbrf_record()
https://notcve.org/view.php?id=CVE-2026-23065
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: Fix memory leak in wbrf_record() The tmp buffer is allocated using kcalloc() but is not freed if acpi_evaluate_dsm() fails. This causes a memory leak in the error path. Fix this by explicitly freeing the tmp buffer in the error handling path of acpi_evaluate_dsm(). Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the stable... • https://git.kernel.org/stable/c/58e82a62669da52e688f4a8b89922c1839bf1001 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23064 – net/sched: act_ife: avoid possible NULL deref
https://notcve.org/view.php?id=CVE-2026-23064
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: avoid possible NULL deref tcf_ife_encode() must make sure ife_encode() does not return NULL. syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:ife_tlv_meta_encode+0x41/0xa0 net/ife/ife.c:166 CPU: 3 UID: 0 PID: 8990 Comm: syz.0.696 Not tainted syzkaller #0 PREEMPT... • https://git.kernel.org/stable/c/295a6e06d21e1f469c9f38b00125a13b60ad4e7c •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23063 – uacce: ensure safe queue release with state management
https://notcve.org/view.php?id=CVE-2026-23063
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: uacce: ensure safe queue release with state management Directly calling `put_queue` carries risks since it cannot guarantee that resources of `uacce_queue` have been fully released beforehand. So adding a `stop_queue` operation for the UACCE_CMD_PUT_Q command and leaving the `put_queue` operation to the final resource release ensures safety. Queue states are defined as follows: - UACCE_Q_ZOMBIE: Initial state - UACCE_Q_INIT: After opening `... • https://git.kernel.org/stable/c/015d239ac0142ad0e26567fd890ef8d171f13709 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23062 – platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro
https://notcve.org/view.php?id=CVE-2026-23062
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro The GET_INSTANCE_ID macro that caused a kernel panic when accessing sysfs attributes: 1. Off-by-one error: The loop condition used '<=' instead of '<', causing access beyond array bounds. Since array indices are 0-based and go from 0 to instances_count-1, the loop should use '<'. 2. Missing NULL check: The code dereferenced attr_name_kobj->name without checking if attr_name... • https://git.kernel.org/stable/c/5f94f181ca25d8c5b77beb2da0cb466ddb6ece29 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23061 – can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak
https://notcve.org/view.php?id=CVE-2026-23061
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"). In kvaser_usb_set_{,data_}bittiming() -> kvaser_usb_setup_rx_urbs(), the URBs for USB-in transfers are allocated, added to the dev->rx_submitted anchor and submitted. In the complete callback kvaser_usb_read_bulk_callback(), the URBs are processed and re... • https://git.kernel.org/stable/c/080f40a6fa28dab299da7a652e444b1e2d9231e7 •