CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23160 – octeon_ep: Fix memory leak in octep_device_setup()
https://notcve.org/view.php?id=CVE-2026-23160
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Fix memory leak in octep_device_setup() In octep_device_setup(), if octep_ctrl_net_init() fails, the function returns directly without unmapping the mapped resources and freeing the allocated configuration memory. Fix this by jumping to the unsupported_dev label, which performs the necessary cleanup. This aligns with the error handling logic of other paths in this function. Compile tested only. Issue found using a prototype stati... • https://git.kernel.org/stable/c/577f0d1b1c5f3282fa2011177b0af692a7c21aee •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23159 – perf: sched: Fix perf crash with new is_user_task() helper
https://notcve.org/view.php?id=CVE-2026-23159
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: perf: sched: Fix perf crash with new is_user_task() helper In order to do a user space stacktrace the current task needs to be a user task that has executed in user space. It use to be possible to test if a task is a user task or not by simply checking the task_struct mm field. If it was non NULL, it was a user task and if not it was a kernel task. But things have changed over time, and some kernel tasks now have their own mm field. An idea... • https://git.kernel.org/stable/c/34b5aba8511a12fb2e9bd3124835cb4087187dac •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23158 – gpio: virtuser: fix UAF in configfs release path
https://notcve.org/view.php?id=CVE-2026-23158
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix UAF in configfs release path The gpio-virtuser configfs release path uses guard(mutex) to protect the device structure. However, the device is freed before the guard cleanup runs, causing mutex_unlock() to operate on freed memory. Specifically, gpio_virtuser_device_config_group_release() destroys the mutex and frees the device while still inside the guard(mutex) scope. When the function returns, the guard cleanup invokes... • https://git.kernel.org/stable/c/91581c4b3f29e2e22aeb1a62e842d529ca638b2d •
CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23157 – btrfs: do not strictly require dirty metadata threshold for metadata writepages
https://notcve.org/view.php?id=CVE-2026-23157
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not strictly require dirty metadata threshold for metadata writepages [BUG] There is an internal report that over 1000 processes are waiting at the io_schedule_timeout() of balance_dirty_pages(), causing a system hang and trigger a kernel coredump. The kernel is v6.4 kernel based, but the root problem still applies to any upstream kernel before v6.18. [CAUSE] From Jan Kara for his wisdom on the dirty page balance behavior first. T... • https://git.kernel.org/stable/c/793955bca66c99defdffc857ae6eb7e8431d6bbe •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23156 – efivarfs: fix error propagation in efivar_entry_get()
https://notcve.org/view.php?id=CVE-2026-23156
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: efivarfs: fix error propagation in efivar_entry_get() efivar_entry_get() always returns success even if the underlying __efivar_entry_get() fails, masking errors. This may result in uninitialized heap memory being copied to userspace in the efivarfs_file_read() path. Fix it by returning the error from __efivar_entry_get(). In the Linux kernel, the following vulnerability has been resolved: efivarfs: fix error propagation in efivar_entry_get... • https://git.kernel.org/stable/c/2d82e6227ea189c0589e7383a36616ac2a2d248c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23155 – can: gs_usb: gs_usb_receive_bulk_callback(): fix error message
https://notcve.org/view.php?id=CVE-2026-23155
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix error message Sinc commit 79a6d1bfe114 ("can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error") a failing resubmit URB will print an info message. In the case of a short read where netdev has not yet been assigned, initialize as NULL to avoid dereferencing an undefined value. Also report the error value of the failed resubmit. In the Linux kernel, the following ... • https://git.kernel.org/stable/c/ce4352057fc5a986c76ece90801b9755e7c6e56c •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23154 – net: fix segmentation of forwarding fraglist GRO
https://notcve.org/view.php?id=CVE-2026-23154
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: net: fix segmentation of forwarding fraglist GRO This patch enhances GSO segment handling by properly checking the SKB_GSO_DODGY flag for frag_list GSO packets, addressing low throughput issues observed when a station accesses IPv4 servers via hotspots with an IPv6-only upstream interface. Specifically, it fixes a bug in GSO segmentation when forwarding GRO packets containing a frag_list. The function skb_segment_list cannot correctly proce... • https://git.kernel.org/stable/c/9fd1ff5d2ac7181844735806b0a703c942365291 •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2026-23153 – firewire: core: fix race condition against transaction list
https://notcve.org/view.php?id=CVE-2026-23153
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: firewire: core: fix race condition against transaction list The list of transaction is enumerated without acquiring card lock when processing AR response event. This causes a race condition bug when processing AT request completion event concurrently. This commit fixes the bug by put timer start for split transaction expiration into the scope of lock. The value of jiffies in card structure is referred before acquiring the lock. In the Linux... • https://git.kernel.org/stable/c/b5725cfa4120a4d234ab112aad151d731531d093 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2026-23152 – wifi: mac80211: correctly decode TTLM with default link map
https://notcve.org/view.php?id=CVE-2026-23152
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: correctly decode TTLM with default link map TID-To-Link Mapping (TTLM) elements do not contain any link mapping presence indicator if a default mapping is used and parsing needs to be skipped. Note that access points should not explicitly report an advertised TTLM with a default mapping as that is the implied mapping if the element is not included, this is even the case when switching back to the default mapping. However, ma... • https://git.kernel.org/stable/c/702e80470a3359ce02b3f846f48f6db4ac7fd837 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23151 – Bluetooth: MGMT: Fix memory leak in set_ssp_complete
https://notcve.org/view.php?id=CVE-2026-23151
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix memory leak in set_ssp_complete Fix memory leak in set_ssp_complete() where mgmt_pending_cmd structures are not freed after being removed from the pending list. Commit 302a1f674c00 ("Bluetooth: MGMT: Fix possible UAFs") replaced mgmt_pending_foreach() calls with individual command handling but missed adding mgmt_pending_free() calls in both error and success paths of set_ssp_complete(). Other completion functions like s... • https://git.kernel.org/stable/c/d71b98f253b079cbadc83266383f26fe7e9e103b •