CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23375 – mm: thp: deny THP for files on anonymous inodes
https://notcve.org/view.php?id=CVE-2026-23375
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: mm: thp: deny THP for files on anonymous inodes file_thp_enabled() incorrectly allows THP for files on anonymous inodes (e.g. guest_memfd and secretmem). These files are created via alloc_file_pseudo(), which does not call get_write_access() and leaves inode->i_writecount at 0. Combined with S_ISREG(inode->i_mode) being true, they appear as read-only regular files when CONFIG_READ_ONLY_THP_FOR_FS is enabled, making them eligible for THP col... • https://git.kernel.org/stable/c/7fbb5e188248c50f737720825da1864ce42536d1 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2026-23374 – blktrace: fix __this_cpu_read/write in preemptible context
https://notcve.org/view.php?id=CVE-2026-23374
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: blktrace: fix __this_cpu_read/write in preemptible context tracing_record_cmdline() internally uses __this_cpu_read() and __this_cpu_write() on the per-CPU variable trace_cmdline_save, and trace_save_cmdline() explicitly asserts preemption is disabled via lockdep_assert_preemption_disabled(). These operations are only safe when preemption is off, as they were designed to be called from the scheduler context (probe_wakeup_sched_switch() / pr... • https://git.kernel.org/stable/c/7ffbd48d5cab22bcd1120eb2349db1319e2d827a •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23373 – wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config
https://notcve.org/view.php?id=CVE-2026-23373
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config This triggers a WARN_ON in ieee80211_hw_conf_init and isn't the expected behavior from the driver - other drivers default to 0 too. • https://git.kernel.org/stable/c/0a44dfc070749514b804ccac0b1fd38718f7daa1 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23372 – nfc: rawsock: cancel tx_work before socket teardown
https://notcve.org/view.php?id=CVE-2026-23372
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: nfc: rawsock: cancel tx_work before socket teardown In rawsock_release(), cancel any pending tx_work and purge the write queue before orphaning the socket. rawsock_tx_work runs on the system workqueue and calls nfc_data_exchange which dereferences the NCI device. Without synchronization, tx_work can race with socket and device teardown when a process is killed (e.g. by SIGKILL), leading to use-after-free or leaked references. Set SEND_SHUTD... • https://git.kernel.org/stable/c/23b7869c0fd08d73c9f83a2db88a13312d6198bb •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23371 – sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting
https://notcve.org/view.php?id=CVE-2026-23371
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting Running stress-ng --schedpolicy 0 on an RT kernel on a big machine might lead to the following WARNINGs (edited). sched: DL de-boosted task PID 22725: REPLENISH flag missing WARNING: CPU: 93 PID: 0 at kernel/sched/deadline.c:239 dequeue_task_dl+0x15c/0x1f8 ... (running_bw underflow) Call trace: dequeue_task_dl+0x15c/0x1f8 (P) dequeue_task+0x80/0x168 deactivate_task+0x24/0x5... • https://git.kernel.org/stable/c/2279f540ea7d05f22d2f0c4224319330228586bc •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23370 – platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data
https://notcve.org/view.php?id=CVE-2026-23370
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data set_new_password() hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking credentials. • https://git.kernel.org/stable/c/e8a60aa7404bfef37705da5607c97737073ac38d •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23369 – i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock"
https://notcve.org/view.php?id=CVE-2026-23369
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock" This reverts commit f707d6b9e7c18f669adfdb443906d46cfbaaa0c1. Under rare circumstances, multiple udev threads can collect i801 device info on boot and walk i801_acpi_io_handler somewhat concurrently. The first will note the area is reserved by acpi to prevent further touches. This ultimately causes the area to be deregistered. The second will enter i801_acpi_io_handler after... • https://git.kernel.org/stable/c/f707d6b9e7c18f669adfdb443906d46cfbaaa0c1 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23368 – net: phy: register phy led_triggers during probe to avoid AB-BA deadlock
https://notcve.org/view.php?id=CVE-2026-23368
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: net: phy: register phy led_triggers during probe to avoid AB-BA deadlock There is an AB-BA deadlock when both LEDS_TRIGGER_NETDEV and LED_TRIGGER_PHY are enabled: [ 1362.049207] [<8054e4b8>] led_trigger_register+0x5c/0x1fc <-- Trying to get lock "triggers_list_lock" via down_write(&triggers_list_lock); [ 1362.054536] [<80662830>] phy_led_triggers_register+0xd0/0x234 [ 1362.060329] [<8065e200>] phy_attach_direct+0x33c/0x40c [ 1362.065489] [<... • https://git.kernel.org/stable/c/06f502f57d0d7728f9fa0f157ec5e4111ddb98f6 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23367 – wifi: radiotap: reject radiotap with unknown bits
https://notcve.org/view.php?id=CVE-2026-23367
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: radiotap: reject radiotap with unknown bits The radiotap parser is currently only used with the radiotap namespace (not with vendor namespaces), but if the undefined field 18 is used, the alignment/size is unknown as well. In this case, iterator->_next_ns_data isn't initialized (it's only set for skipping vendor namespaces), and syzbot points out that we later compare against this uninitialized value. Fix this by moving the rejection ... • https://git.kernel.org/stable/c/33e5a2f776e331dc8a4379b6efb660d38f182d96 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23366 – drm/client: Do not destroy NULL modes
https://notcve.org/view.php?id=CVE-2026-23366
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/client: Do not destroy NULL modes 'modes' in drm_client_modeset_probe may fail to kcalloc. If this occurs, we jump to 'out', calling modes_destroy on it, which dereferences it. This may result in a NULL pointer dereference in the error case. Prevent that. • https://git.kernel.org/stable/c/3039cc0c0653c6e15130a8719c3237329a954670 •