CVSS: - | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2026-23374 – blktrace: fix __this_cpu_read/write in preemptible context
https://notcve.org/view.php?id=CVE-2026-23374
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: blktrace: fix __this_cpu_read/write in preemptible context
tracing_record_cmdline() internally uses __this_cpu_read() and __this_cpu_write() on the per-CPU variable trace_cmdline_save, and trace_save_cmdline() explicitly asserts preemption is disabled via lockdep_assert_preemption_disabled(). These operations are only safe when preemption is off, as they were designed to be called from the scheduler context (probe_wakeup_sched_switch() / pr...
https://git.kernel.org/stable/c/7ffbd48d5cab22bcd1120eb2349db1319e2d827a

CVSS: - | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2026-23372 – nfc: rawsock: cancel tx_work before socket teardown
https://notcve.org/view.php?id=CVE-2026-23372
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: nfc: rawsock: cancel tx_work before socket teardown
In rawsock_release(), cancel any pending tx_work and purge the write queue before orphaning the socket. rawsock_tx_work runs on the system workqueue and calls nfc_data_exchange which dereferences the NCI device. Without synchronization, tx_work can race with socket and device teardown when a process is killed (e.g. by SIGKILL), leading to use-after-free or leaked references. Set SEND_SHUTD...
https://git.kernel.org/stable/c/23b7869c0fd08d73c9f83a2db88a13312d6198bb

CVSS: - | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2026-23371 – sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting
https://notcve.org/view.php?id=CVE-2026-23371
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting
Running stress-ng --schedpolicy 0 on an RT kernel on a big machine might lead to the following WARNINGs (edited).
  sched: DL de-boosted task PID 22725: REPLENISH flag missing
  WARNING: CPU: 93 PID: 0 at kernel/sched/deadline.c:239 dequeue_task_dl+0x15c/0x1f8
  ... (running_bw underflow)
  Call trace:
  dequeue_task_dl+0x15c/0x1f8 (P)
  dequeue_task+0x80/0x168
  deactivate_task+0x24/0x5...
https://git.kernel.org/stable/c/2279f540ea7d05f22d2f0c4224319330228586bc

CVSS: - | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2026-23370 – platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data
https://notcve.org/view.php?id=CVE-2026-23370
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data
set_new_password() hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking credentials.
https://git.kernel.org/stable/c/e8a60aa7404bfef37705da5607c97737073ac38d

CVSS: - | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2026-23368 – net: phy: register phy led_triggers during probe to avoid AB-BA deadlock
https://notcve.org/view.php?id=CVE-2026-23368
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: net: phy: register phy led_triggers during probe to avoid AB-BA deadlock
There is an AB-BA deadlock when both LEDS_TRIGGER_NETDEV and LED_TRIGGER_PHY are enabled:
  [ 1362.049207] [<8054e4b8>] led_trigger_register+0x5c/0x1fc <-- Trying to get lock "triggers_list_lock" via down_write(&triggers_list_lock);
  [ 1362.054536] [<80662830>] phy_led_triggers_register+0xd0/0x234
  [ 1362.060329] [<8065e200>] phy_attach_direct+0x33c/0x40c
  [ 1362.065489] [<...
https://git.kernel.org/stable/c/06f502f57d0d7728f9fa0f157ec5e4111ddb98f6

CVSS: - | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2026-23367 – wifi: radiotap: reject radiotap with unknown bits
https://notcve.org/view.php?id=CVE-2026-23367
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: radiotap: reject radiotap with unknown bits
The radiotap parser is currently only used with the radiotap namespace (not with vendor namespaces), but if the undefined field 18 is used, the alignment/size is unknown as well. In this case, iterator->_next_ns_data isn't initialized (it's only set for skipping vendor namespaces), and syzbot points out that we later compare against this uninitialized value. Fix this by moving the rejection ...
https://git.kernel.org/stable/c/33e5a2f776e331dc8a4379b6efb660d38f182d96

CVSS: - | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2026-23365 – net: usb: kalmia: validate USB endpoints
https://notcve.org/view.php?id=CVE-2026-23365
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: net: usb: kalmia: validate USB endpoints
The kalmia driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not have the same urbs, the driver will crash later on when it blindly accesses these endpoints.
https://git.kernel.org/stable/c/d40261236e8e278cb1936cb5e934262971692b10

CVSS: - | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2026-23364 – ksmbd: Compare MACs in constant time
https://notcve.org/view.php?id=CVE-2026-23364
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time
To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp() with the correct function, crypto_memneq().
https://git.kernel.org/stable/c/e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9

CVSS: - | EPSS: 0% | CPEs: 10 | EXPL: 0
CVE-2026-23362 – can: bcm: fix locking for bcm_op runtime updates
https://notcve.org/view.php?id=CVE-2026-23362
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: can: bcm: fix locking for bcm_op runtime updates
Commit c2aba69d0c36 ("can: bcm: add locking for bcm_op runtime updates") added locking for some variables that can be modified at runtime when updating the sending bcm_op with a new TX_SETUP command in bcm_tx_setup(). Usually the RX_SETUP only handles and filters incoming traffic with one exception: When the RX_RTR_FRAME flag is set a predefined CAN frame is sent when a specific RTR frame i...
https://git.kernel.org/stable/c/2a437b86ac5a9893c902f30ef66815bf13587bf6

CVSS: - | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2026-23361 – PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
https://notcve.org/view.php?id=CVE-2026-23361
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
Endpoint drivers use dw_pcie_ep_raise_msix_irq() to raise an MSI-X interrupt to the host using a writel(), which generates a PCI posted write transaction. There's no completion for posted writes, so the writel() may return before the PCI write completes. dw_pcie_ep_raise_msix_irq() also unmaps the outbound ATU entry used for the PCI write, so the write races with the unmap. If t...
https://git.kernel.org/stable/c/beb4641a787df79a1423a8789d185b6b78fcbfea
