CVSS: - | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2026-23097 – migrate: correct lock ordering for hugetlb file folios
https://notcve.org/view.php?id=CVE-2026-23097
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: migrate: correct lock ordering for hugetlb file folios Syzbot has found a deadlock (analyzed by Lance Yang):
1) Task (5749): Holds folio_lock, then tries to acquire i_mmap_rwsem(read lock).
2) Task (5754): Holds i_mmap_rwsem(write lock), then tries to acquire folio_lock.
migrate_pages()
  -> migrate_hugetlbs()
    -> unmap_and_move_huge_page() <- Takes folio_lock!
      -> remove_migration_ptes()
        -> __rmap_walk_file()
          -> i_mmap_lock_read() <- Waits for...
• https://git.kernel.org/stable/c/336bf30eb76580b579dc711ded5d599d905c0217 •
CVSS: - | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2026-23096 – uacce: fix cdev handling in the cleanup path
https://notcve.org/view.php?id=CVE-2026-23096
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: uacce: fix cdev handling in the cleanup path When cdev_device_add fails, it internally releases the cdev memory, and if cdev_device_del is then executed, it will cause a hang error. To fix it, we check the return value of cdev_device_add() and clear uacce->cdev to avoid calling cdev_device_del in the uacce_remove. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or i... • https://git.kernel.org/stable/c/015d239ac0142ad0e26567fd890ef8d171f13709 •
CVSS: - | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2026-23095 – gue: Fix skb memleak with inner IP protocol 0.
https://notcve.org/view.php?id=CVE-2026-23095
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: gue: Fix skb memleak with inner IP protocol 0. syzbot reported skb memleak below. [0] The repro generated a GUE packet with its inner protocol 0. gue_udp_recv() returns -guehdr->proto_ctype for "resubmit" in ip_protocol_deliver_rcu(), but this only works with non-zero protocol number. Let's drop such packets. Note that 0 is a valid number (IPv6 Hop-by-Hop Option). I think it is not practical to encap HOPOPT in GUE, so once someone starts to... • https://git.kernel.org/stable/c/37dd0247797b168ad1cc7f5dbec825a1ee66535b •
CVSS: - | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2026-23093 – ksmbd: smbd: fix dma_unmap_sg() nents
https://notcve.org/view.php?id=CVE-2026-23093
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbd: fix dma_unmap_sg() nents The dma_unmap_sg() functions should be called with the same nents as the dma_map_sg(), not the value the map function returned. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the oldstable distribution (bookworm), these problems have been fixed in version 6.1.162-1. • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •
CVSS: - | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2026-23091 – intel_th: fix device leak on output open()
https://notcve.org/view.php?id=CVE-2026-23091
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: intel_th: fix device leak on output open() Make sure to drop the reference taken when looking up the th device during output device open() on errors and on close(). Note that a recent commit fixed the leak in a couple of open() error paths but not all of them, and the reference is still leaking on successful open(). Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or... • https://git.kernel.org/stable/c/39f4034693b7c7bd1fe4cb58c93259d600f55561 •
CVSS: - | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2026-23090 – slimbus: core: fix device reference leak on report present
https://notcve.org/view.php?id=CVE-2026-23090
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: slimbus: core: fix device reference leak on report present Slimbus devices can be allocated dynamically upon reception of report-present messages. Make sure to drop the reference taken when looking up already registered devices. Note that this requires taking an extra reference in case the device has not yet been registered and has to be allocated. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege... • https://git.kernel.org/stable/c/46a2bb5a7f7ea2728be50f8f5b29a20267f700fe •
CVSS: - | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2026-23089 – ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
https://notcve.org/view.php?id=CVE-2026-23089
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() When snd_usb_create_mixer() fails, snd_usb_mixer_free() frees mixer->id_elems but the controls already added to the card still reference the freed memory. Later when snd_card_register() runs, the OSS mixer layer calls their callbacks and hits a use-after-free read. Call trace:
get_ctl_value+0x63f/0x820 sound/usb/mixer.c:411
get_min_max_with_quirks.isra.0+0x240/0x1f40 sound/usb/mixe...
• https://git.kernel.org/stable/c/6639b6c2367f884ca172b78d69f7da17bfab2e5e •
CVSS: - | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2026-23088 – tracing: Fix crash on synthetic stacktrace field usage
https://notcve.org/view.php?id=CVE-2026-23088
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix crash on synthetic stacktrace field usage When creating a synthetic event based on an existing synthetic event that had a stacktrace field and the new synthetic event used that field, a kernel crash occurred:
~# cd /sys/kernel/tracing
~# echo 's:stack unsigned long stack[];' > dynamic_events
~# echo 'hist:keys=prev_pid:s0=common_stacktrace if prev_state & 3' >> events/sched/sched_switch/trigger
~# echo 'hist:keys=next_pid:s1=$s0...
• https://git.kernel.org/stable/c/00cf3d672a9dd409418647e9f98784c339c3ff63 •
CVSS: - | EPSS: 0% | CPEs: 7 | EXPL: 0
CVE-2026-23087 – scsi: xen: scsiback: Fix potential memory leak in scsiback_remove()
https://notcve.org/view.php?id=CVE-2026-23087
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: scsi: xen: scsiback: Fix potential memory leak in scsiback_remove() Memory allocated for struct vscsiblk_info in scsiback_probe() is not freed in scsiback_remove() leading to potential memory leaks on remove, as well as in the scsiback_probe() error paths. Fix that by freeing it in scsiback_remove(). Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information lea... • https://git.kernel.org/stable/c/d9d660f6e562a47b4065eeb7e538910b0471b988 •
CVSS: - | EPSS: 0% | CPEs: 5 | EXPL: 0
CVE-2026-23086 – vsock/virtio: cap TX credit to local buffer size
https://notcve.org/view.php?id=CVE-2026-23086
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: cap TX credit to local buffer size The virtio transports derive their TX credit directly from peer_buf_alloc, which is set from the remote endpoint's SO_VM_SOCKETS_BUFFER_SIZE value. On the host side this means that the amount of data we are willing to queue for a connection is scaled by a guest-chosen buffer size, rather than the host's own vsock configuration. A malicious guest can advertise a large buffer and read slowly, ca... • https://git.kernel.org/stable/c/06a8fc78367d070720af960dcecec917d3ae5f3b •
