CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-71237 – nilfs2: Fix potential block overflow that cause system hang
https://notcve.org/view.php?id=CVE-2025-71237
18 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fix potential block overflow that cause system hang When a user executes the FITRIM command, an underflow can occur when calculating nblocks if end_block is too small. Since nblocks is of type sector_t, which is u64, a negative nblocks value will become a very large positive integer. This ultimately leads to the block layer function __blkdev_issue_discard() taking an excessively long time to process the bio chain, and the ns_segctor... • https://git.kernel.org/stable/c/82e11e857be3ffd2a0a952c9db8aa2379e2b9e44 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23213 – drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
https://notcve.org/view.php?id=CVE-2026-23213
18 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Disable MMIO access during SMU Mode 1 reset During Mode 1 reset, the ASIC undergoes a reset cycle and becomes temporarily inaccessible via PCIe. Any attempt to access MMIO registers during this window (e.g., from interrupt handlers or other driver threads) can result in uncompleted PCIe transactions, leading to NMI panics or system hangs. To prevent this, set the `no_hw_access` flag to true immediately after triggering the reset... • https://git.kernel.org/stable/c/ea8139d8d59bd6f014b317e7423345169a56fe49 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23214 – btrfs: reject new transactions if the fs is fully read-only
https://notcve.org/view.php?id=CVE-2026-23214
18 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: reject new transactions if the fs is fully read-only [BUG] There is a bug report where a heavily fuzzed fs is mounted with all rescue mount options, which leads to the following warnings during unmount: BTRFS: Transaction aborted (error -22) Modules linked in: CPU: 0 UID: 0 PID: 9758 Comm: repro.out Not tainted 6.19.0-rc5-00002-gb71e635feefc #7 PREEMPT(full) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2... • https://git.kernel.org/stable/c/42437a6386ffeaaf200731e73d723ea491f3fe7d •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23215 – x86/vmware: Fix hypercall clobbers
https://notcve.org/view.php?id=CVE-2026-23215
18 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: x86/vmware: Fix hypercall clobbers Fedora QA reported the following panic: BUG: unable to handle page fault for address: 0000000040003e54 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20251119-3.fc43 11/19/2025 RIP: 0010:vmware_hypercall4.constprop.0+0x52/0x90 .. Call Trace: vmmouse_report_events+0x13e/0x1b0 psmouse_handle_byte+0x15/0x60 p... • https://git.kernel.org/stable/c/34bf25e820ae1ab38f9cd88834843ba76678a2fd •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23216 – scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
https://notcve.org/view.php?id=CVE-2026-23216
18 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() In iscsit_dec_conn_usage_count(), the function calls complete() while holding the conn->conn_usage_lock. As soon as complete() is invoked, the waiter (such as iscsit_close_connection()) may wake up and proceed to free the iscsit_conn structure. If the waiter frees the memory before the current thread reaches spin_unlock_bh(), it results in a KASAN slab-use-after-free a... • https://git.kernel.org/stable/c/e48354ce078c079996f89d715dfa44814b4eba01 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23219 – mm/slab: Add alloc_tagging_slab_free_hook for memcg_alloc_abort_single
https://notcve.org/view.php?id=CVE-2026-23219
18 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: mm/slab: Add alloc_tagging_slab_free_hook for memcg_alloc_abort_single When CONFIG_MEM_ALLOC_PROFILING_DEBUG is enabled, the following warning may be noticed: [ 3959.023862] ------------[ cut here ]------------ [ 3959.023891] alloc_tag was not cleared (got tag for lib/xarray.c:378) [ 3959.023947] WARNING: ./include/linux/alloc_tag.h:155 at alloc_tag_add+0x128/0x178, CPU#6: mkfs.ntfs/113998 [ 3959.023978] Modules linked in: dns_resolver tun ... • https://git.kernel.org/stable/c/9f9796b413d3c417f34cae427c4e47bfdd3a7454 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23220 – ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths
https://notcve.org/view.php?id=CVE-2026-23220
18 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths The problem occurs when a signed request fails smb2 signature verification check. In __process_request(), if check_sign_req() returns an error, set_smb2_rsp_status(work, STATUS_ACCESS_DENIED) is called. set_smb2_rsp_status() set work->next_smb2_rcv_hdr_off as zero. By resetting next_smb2_rcv_hdr_off to zero, the pointer to the next command in the chain is lost. Co... • https://git.kernel.org/stable/c/943cebf9ea3415ddefcd670d24d8883e97ba3d60 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23223 – xfs: fix UAF in xchk_btree_check_block_owner
https://notcve.org/view.php?id=CVE-2026-23223
18 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: xfs: fix UAF in xchk_btree_check_block_owner We cannot dereference bs->cur when trying to determine if bs->cur aliases bs->sc->sa.{bno,rmap}_cur after the latter has been freed. Fix this by sampling before type before any freeing could happen. The correct temporal ordering was broken when we removed xfs_btnum_t. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or inf... • https://git.kernel.org/stable/c/ec793e690f801d97a7ae2a0d429fea1fee4d44aa •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23228 – smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()
https://notcve.org/view.php?id=CVE-2026-23228
18 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() On kthread_run() failure in ksmbd_tcp_new_connection(), the transport is freed via free_transport(), which does not decrement active_num_conn, leaking this counter. Replace free_transport() with ksmbd_tcp_disconnect(). Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the ... • https://git.kernel.org/stable/c/4210c3555db4b38bade92331b153e583261f05f9 •
CVSS: -EPSS: 0%CPEs: 11EXPL: 0CVE-2026-23229 – crypto: virtio - Add spinlock protection with virtqueue notification
https://notcve.org/view.php?id=CVE-2026-23229
18 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: crypto: virtio - Add spinlock protection with virtqueue notification When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark command with multiple processes, such as openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32 openssl processes will hangup and there is error reported like this: virtio_crypto virtio0: dataq.0:id 3 is not a head! It seems that the data virtqueue need protection when it... • https://git.kernel.org/stable/c/0eb69890e86775d178452880ea0d24384c5ccedf •