CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23088 – tracing: Fix crash on synthetic stacktrace field usage
https://notcve.org/view.php?id=CVE-2026-23088
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix crash on synthetic stacktrace field usage When creating a synthetic event based on an existing synthetic event that had a stacktrace field and the new synthetic event used that field a kernel crash occurred: ~# cd /sys/kernel/tracing ~# echo 's:stack unsigned long stack[];' > dynamic_events ~# echo 'hist:keys=prev_pid:s0=common_stacktrace if prev_state & 3' >> events/sched/sched_switch/trigger ~# echo 'hist:keys=next_pid:s1=$s0... • https://git.kernel.org/stable/c/00cf3d672a9dd409418647e9f98784c339c3ff63 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23087 – scsi: xen: scsiback: Fix potential memory leak in scsiback_remove()
https://notcve.org/view.php?id=CVE-2026-23087
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: scsi: xen: scsiback: Fix potential memory leak in scsiback_remove() Memory allocated for struct vscsiblk_info in scsiback_probe() is not freed in scsiback_remove() leading to potential memory leaks on remove, as well as in the scsiback_probe() error paths. Fix that by freeing it in scsiback_remove(). Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information lea... • https://git.kernel.org/stable/c/d9d660f6e562a47b4065eeb7e538910b0471b988 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23086 – vsock/virtio: cap TX credit to local buffer size
https://notcve.org/view.php?id=CVE-2026-23086
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: cap TX credit to local buffer size The virtio transports derives its TX credit directly from peer_buf_alloc, which is set from the remote endpoint's SO_VM_SOCKETS_BUFFER_SIZE value. On the host side this means that the amount of data we are willing to queue for a connection is scaled by a guest-chosen buffer size, rather than the host's own vsock configuration. A malicious guest can advertise a large buffer and read slowly, ca... • https://git.kernel.org/stable/c/06a8fc78367d070720af960dcecec917d3ae5f3b •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23085 – irqchip/gic-v3-its: Avoid truncating memory addresses
https://notcve.org/view.php?id=CVE-2026-23085
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Avoid truncating memory addresses On 32-bit machines with CONFIG_ARM_LPAE, it is possible for lowmem allocations to be backed by addresses physical memory above the 32-bit address limit, as found while experimenting with larger VMSPLIT configurations. This caused the qemu virt model to crash in the GICv3 driver, which allocates the 'itt' object using GFP_KERNEL. Since all memory below the 4GB physical address limit is in... • https://git.kernel.org/stable/c/cc2d3216f53c9fff0030eb71cacc4ce5f39d1d7e •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23084 – be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list
https://notcve.org/view.php?id=CVE-2026-23084
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list When the parameter pmac_id_valid argument of be_cmd_get_mac_from_list() is set to false, the driver may request the PMAC_ID from the firmware of the network card, and this function will store that PMAC_ID at the provided address pmac_id. This is the contract of this function. However, there is a location within the driver where both pmac_id_valid == false and pmac_id == NULL a... • https://git.kernel.org/stable/c/95046b927a54f461766f83a212c6a93bc5fd2e67 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23083 – fou: Don't allow 0 for FOU_ATTR_IPPROTO.
https://notcve.org/view.php?id=CVE-2026-23083
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: fou: Don't allow 0 for FOU_ATTR_IPPROTO. fou_udp_recv() has the same problem mentioned in the previous patch. If FOU_ATTR_IPPROTO is set to 0, skb is not freed by fou_udp_recv() nor "resubmit"-ted in ip_protocol_deliver_rcu(). Let's forbid 0 for FOU_ATTR_IPPROTO. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the oldstable distribution (bo... • https://git.kernel.org/stable/c/23461551c00628c3f3fe9cf837bf53cf8f212b63 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23080 – can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak
https://notcve.org/view.php?id=CVE-2026-23080
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"). In mcba_usb_probe() -> mcba_usb_start(), the URBs for USB-in transfers are allocated, added to the priv->rx_submitted anchor and submitted. In the complete callback mcba_usb_read_bulk_callback(), the URBs are processed and resubmitted. In mcba_usb_close() ->... • https://git.kernel.org/stable/c/51f3baad7de943780ce0c17bd7975df567dd6e14 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23078 – ALSA: scarlett2: Fix buffer overflow in config retrieval
https://notcve.org/view.php?id=CVE-2026-23078
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Fix buffer overflow in config retrieval The scarlett2_usb_get_config() function has a logic error in the endianness conversion code that can cause buffer overflows when count > 1. The code checks `if (size == 2)` where `size` is the total buffer size in bytes, then loops `count` times treating each element as u16 (2 bytes). This causes the loop to access `count * 2` bytes when the buffer only has `size` bytes allocated. Fix... • https://git.kernel.org/stable/c/ac34df733d2dfe3b553897a1e9e1a44414f09834 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23076 – ALSA: ctxfi: Fix potential OOB access in audio mixer handling
https://notcve.org/view.php?id=CVE-2026-23076
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fix potential OOB access in audio mixer handling In the audio mixer handling code of ctxfi driver, the conf field is used as a kind of loop index, and it's referred in the index callbacks (amixer_index() and sum_index()). As spotted recently by fuzzers, the current code causes OOB access at those functions. | UBSAN: array-index-out-of-bounds in /build/reproducible-path/linux-6.17.8/sound/pci/ctxfi/ctamixer.c:347:48 | index 8 is... • https://git.kernel.org/stable/c/8cc72361481f00253f1e468ade5795427386d593 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23075 – can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak
https://notcve.org/view.php?id=CVE-2026-23075
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"). In esd_usb_open(), the URBs for USB-in transfers are allocated, added to the dev->rx_submitted anchor and submitted. In the complete callback esd_usb_read_bulk_callback(), the URBs are processed and resubmitted. In esd_usb_close() the URBs are freed by calling... • https://git.kernel.org/stable/c/96d8e90382dc336b5de401164597edfdc2e8d9f1 •