CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23133 – wifi: ath10k: fix dma_free_coherent() pointer
https://notcve.org/view.php?id=CVE-2026-23133
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: fix dma_free_coherent() pointer dma_alloc_coherent() allocates a DMA mapped buffer and stores the addresses in XXX_unaligned fields. Those should be reused when freeing the buffer rather than the aligned addresses. In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: fix dma_free_coherent() pointer dma_alloc_coherent() allocates a DMA mapped buffer and stores the addresses in XXX_unaligned fields. ... • https://git.kernel.org/stable/c/2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1 •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23128 – arm64: Set __nocfi on swsusp_arch_resume()
https://notcve.org/view.php?id=CVE-2026-23128
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: arm64: Set __nocfi on swsusp_arch_resume() A DABT is reported[1] on an android based system when resume from hiberate. This happens because swsusp_arch_suspend_exit() is marked with SYM_CODE_*() and does not have a CFI hash, but swsusp_arch_resume() will attempt to verify the CFI hash when calling a copy of swsusp_arch_suspend_exit(). Given that there's an existing requirement that the entrypoint to swsusp_arch_suspend_exit() is the first b... • https://git.kernel.org/stable/c/89245600941e4e0f87d77f60ee269b5e61ef4e49 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23126 – netdevsim: fix a race issue related to the operation on bpf_bound_progs list
https://notcve.org/view.php?id=CVE-2026-23126
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix a race issue related to the operation on bpf_bound_progs list The netdevsim driver lacks a protection mechanism for operations on the bpf_bound_progs list. When the nsim_bpf_create_prog() performs list_add_tail, it is possible that nsim_bpf_destroy_prog() is simultaneously performs list_del. Concurrent operations on the list may lead to list corruption and trigger a kernel crash as follows: [ 417.290971] kernel BUG at lib/lis... • https://git.kernel.org/stable/c/31d3ad832948c75139b0e5b653912f7898a1d5d5 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23125 – sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT
https://notcve.org/view.php?id=CVE-2026-23125
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT A null-ptr-deref was reported in the SCTP transmit path when SCTP-AUTH key initialization fails: ================================================================== KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] CPU: 0 PID: 16 Comm: ksoftirqd/0 Tainted: G W 6.6.0 #2 RIP: 0010:sctp_packet_bundle_auth net/sctp/output.c:264 [inline] RIP: 0010:sctp_packet_appe... • https://git.kernel.org/stable/c/730fc3d05cd4ba4c9ce2de91f3d43349e95dbbf5 •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23124 – ipv6: annotate data-race in ndisc_router_discovery()
https://notcve.org/view.php?id=CVE-2026-23124
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ipv6: annotate data-race in ndisc_router_discovery() syzbot found that ndisc_router_discovery() could read and write in6_dev->ra_mtu without holding a lock [1] This looks fine, IFLA_INET6_RA_MTU is best effort. Add READ_ONCE()/WRITE_ONCE() to document the race. Note that we might also reject illegal MTU values (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) in a future patch. [1] BUG: KCSAN: data-race in ndisc_router_discovery / ndisc_router_di... • https://git.kernel.org/stable/c/49b99da2c9ce13ffcd93fe3a0f5670791c1d76f7 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23121 – mISDN: annotate data-race around dev->work
https://notcve.org/view.php?id=CVE-2026-23121
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: mISDN: annotate data-race around dev->work dev->work can re read locklessly in mISDN_read() and mISDN_poll(). Add READ_ONCE()/WRITE_ONCE() annotations. BUG: KCSAN: data-race in mISDN_ioctl / mISDN_read write to 0xffff88812d848280 of 4 bytes by task 10864 on cpu 1: misdn_add_timer drivers/isdn/mISDN/timerdev.c:175 [inline] mISDN_ioctl+0x2fb/0x550 drivers/isdn/mISDN/timerdev.c:233 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:597... • https://git.kernel.org/stable/c/1b2b03f8e514e4f68e293846ba511a948b80243c •
CVSS: 6.9EPSS: 0%CPEs: 9EXPL: 0CVE-2026-23120 – l2tp: avoid one data-race in l2tp_tunnel_del_work()
https://notcve.org/view.php?id=CVE-2026-23120
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: l2tp: avoid one data-race in l2tp_tunnel_del_work() We should read sk->sk_socket only when dealing with kernel sockets. syzbot reported the following data-race: BUG: KCSAN: data-race in l2tp_tunnel_del_work / sk_common_release write to 0xffff88811c182b20 of 8 bytes by task 5365 on cpu 0: sk_set_socket include/net/sock.h:2092 [inline] sock_orphan include/net/sock.h:2118 [inline] sk_common_release+0xae/0x230 net/core/sock.c:4003 udp_lib_close... • https://git.kernel.org/stable/c/d00fa9adc528c1b0e64d532556764852df8bd7b9 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23119 – bonding: provide a net pointer to __skb_flow_dissect()
https://notcve.org/view.php?id=CVE-2026-23119
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: bonding: provide a net pointer to __skb_flow_dissect() After 3cbf4ffba5ee ("net: plumb network namespace into __skb_flow_dissect") we have to provide a net pointer to __skb_flow_dissect(), either via skb->dev, skb->sk, or a user provided pointer. In the following case, syzbot was able to cook a bare skb. WARNING: net/core/flow_dissector.c:1131 at __skb_flow_dissect+0xb57/0x68b0 net/core/flow_dissector.c:1131, CPU#1: syz.2.1418/11053 Call Tr... • https://git.kernel.org/stable/c/58deb77cc52da9360d20676e68dd215742cbe473 •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23118 – rxrpc: Fix data-race warning and potential load/store tearing
https://notcve.org/view.php?id=CVE-2026-23118
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix data-race warning and potential load/store tearing Fix the following: BUG: KCSAN: data-race in rxrpc_peer_keepalive_worker / rxrpc_send_data_packet which is reporting an issue with the reads and writes to ->last_tx_at in: conn->peer->last_tx_at = ktime_get_seconds(); and: keepalive_at = peer->last_tx_at + RXRPC_KEEPALIVE_TIME; The lockless accesses to these to values aren't actually a problem as the read only needs an approximate... • https://git.kernel.org/stable/c/ace45bec6d77bc061c3c3d8ad99e298ea9800c2b •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23116 – pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu
https://notcve.org/view.php?id=CVE-2026-23116
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu For i.MX8MQ platform, the ADB in the VPUMIX domain has no separate reset and clock enable bits, but is ungated and reset together with the VPUs. So we can't reset G1 or G2 separately, it may led to the system hang. Remove rst_mask and clk_mask of imx8mq_vpu_blk_ctl_domain_data. Let imx8mq_vpu_power_notifier() do really vpu reset. In the Linux kernel, the following vulner... • https://git.kernel.org/stable/c/608d7c325e855cb4a853afef3cd9f0df594bd12d •