CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23226 – ksmbd: add chann_lock to protect ksmbd_chann_list xarray
https://notcve.org/view.php?id=CVE-2026-23226
18 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: add chann_lock to protect ksmbd_chann_list xarray ksmbd_chann_list xarray lacks synchronization, allowing use-after-free in multi-channel sessions (between lookup_chann_list() and ksmbd_chann_del). Adds rw_semaphore chann_lock to struct ksmbd_session and protects all xa_load/xa_store/xa_erase accesses. • https://git.kernel.org/stable/c/1d9c4172110e645b383ff13eee759728d74f1a5d •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23221 – bus: fsl-mc: fix use-after-free in driver_override_show()
https://notcve.org/view.php?id=CVE-2026-23221
18 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix use-after-free in driver_override_show() The driver_override_show() function reads the driver_override string without holding the device_lock. However, driver_override_store() uses driver_set_override(), which modifies and frees the string while holding the device_lock. This can result in a concurrent use-after-free if the string is freed by the store function while being read by the show function. Fix this by holding the d... • https://git.kernel.org/stable/c/1f86a00c1159fd77e66b1bd6ff1a183f4d46f34d •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2025-71227 – wifi: mac80211: don't WARN for connections on invalid channels
https://notcve.org/view.php?id=CVE-2025-71227
18 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't WARN for connections on invalid channels It's not clear (to me) how exactly syzbot managed to hit this, but it seems conceivable that e.g. regulatory changed and has disabled a channel between scanning (channel is checked to be usable by cfg80211_get_ies_channel_number) and connecting on the channel later. With one scenario that isn't covered elsewhere described above, the warning isn't good, replace it with a (more in... • https://git.kernel.org/stable/c/f2d9d270c15ae0139b54a7e7466d738327e97e03 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23212 – bonding: annotate data-races around slave->last_rx
https://notcve.org/view.php?id=CVE-2026-23212
18 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: bonding: annotate data-races around slave->last_rx slave->last_rx and slave->target_last_arp_rx[...] can be read and written locklessly. Add READ_ONCE() and WRITE_ONCE() annotations. syzbot reported: BUG: KCSAN: data-race in bond_rcv_validate / bond_rcv_validate write to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 1: bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335 bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bon... • https://git.kernel.org/stable/c/f5b2b966f032f22d3a289045a5afd4afa09f09c6 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-71225 – md: suspend array while updating raid_disks via sysfs
https://notcve.org/view.php?id=CVE-2025-71225
18 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raid_disks via sysfs In raid1_reshape(), freeze_array() is called before modifying the r1bio memory pool (conf->r1bio_pool) and conf->raid_disks, and unfreeze_array() is called after the update is completed. However, freeze_array() only waits until nr_sync_pending and (nr_pending - nr_queued) of all buckets reaches zero. When an I/O error occurs, nr_queued is increased and the corresponding r1bio is queued t... • https://git.kernel.org/stable/c/e2d59925221cd562e07fee38ec8839f7209ae603 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-71232 – scsi: qla2xxx: Free sp in error path to fix system crash
https://notcve.org/view.php?id=CVE-2025-71232
18 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Free sp in error path to fix system crash System crash seen during load/unload test in a loop, [61110.449331] qla2xxx [0000:27:00.0]-0042:0: Disabled MSI-X. [61110.467494] ============================================================================= [61110.467498] BUG qla2xxx_srbs (Tainted: G OE -------- --- ): Objects remaining in qla2xxx_srbs on __kmem_cache_shutdown() [61110.467501] ----------------------------------------... • https://git.kernel.org/stable/c/f352eeb75419d2b693df7cc5957f7427c2b9b3ea •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-71233 – PCI: endpoint: Avoid creating sub-groups asynchronously
https://notcve.org/view.php?id=CVE-2025-71233
18 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Avoid creating sub-groups asynchronously The asynchronous creation of sub-groups by a delayed work could lead to a NULL pointer dereference when the driver directory is removed before the work completes. The crash can be easily reproduced with the following commands: # cd /sys/kernel/config/pci_ep/functions/pci_epf_test # for i in {1..20}; do mkdir test && rmdir test; done BUG: kernel NULL pointer dereference, address: 000000... • https://git.kernel.org/stable/c/e85a2d7837622bd99c96f5bbc7f972da90c285a2 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-71235 – scsi: qla2xxx: Delay module unload while fabric scan in progress
https://notcve.org/view.php?id=CVE-2025-71235
18 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload while fabric scan in progress System crash seen during load/unload test in a loop. [105954.384919] RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086 [105954.384920] R10: 000000000000000f R11: ffffa31240904be5 R12: ffff914605f868e0 [105954.384921] R13: ffff914605f86910 R14: 0000000000008010 R15: 00000000ddb7c000 [105954.384923] FS: 0000000000000000(0000) GS:ffff9163fec40000(0000) knlGS:00000... • https://git.kernel.org/stable/c/783e0dc4f66ade6bbd8833b6bae778158d54c1a6 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-71236 – scsi: qla2xxx: Validate sp before freeing associated memory
https://notcve.org/view.php?id=CVE-2025-71236
18 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Validate sp before freeing associated memory System crash with the following signature [154563.214890] nvme nvme2: NVME-FC{1}: controller connect complete [154564.169363] qla2xxx [0000:b0:00.1]-3002:2: nvme: Sched: Set ZIO exchange threshold to 3. [154564.169405] qla2xxx [0000:b0:00.1]-ffffff:2: SET ZIO Activity exchange threshold to 5. [154565.539974] qla2xxx [0000:b0:00.1]-5013:2: RSCN database changed – 0078 0080 0000. [15... • https://git.kernel.org/stable/c/a4239945b8ad112fb914d0605c8f6c5fd3330f61 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-71237 – nilfs2: Fix potential block overflow that cause system hang
https://notcve.org/view.php?id=CVE-2025-71237
18 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fix potential block overflow that cause system hang When a user executes the FITRIM command, an underflow can occur when calculating nblocks if end_block is too small. Since nblocks is of type sector_t, which is u64, a negative nblocks value will become a very large positive integer. This ultimately leads to the block layer function __blkdev_issue_discard() taking an excessively long time to process the bio chain, and the ns_segctor... • https://git.kernel.org/stable/c/82e11e857be3ffd2a0a952c9db8aa2379e2b9e44 •