CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23368 – net: phy: register phy led_triggers during probe to avoid AB-BA deadlock
https://notcve.org/view.php?id=CVE-2026-23368
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: net: phy: register phy led_triggers during probe to avoid AB-BA deadlock There is an AB-BA deadlock when both LEDS_TRIGGER_NETDEV and LED_TRIGGER_PHY are enabled: [ 1362.049207] [<8054e4b8>] led_trigger_register+0x5c/0x1fc <-- Trying to get lock "triggers_list_lock" via down_write(&triggers_list_lock); [ 1362.054536] [<80662830>] phy_led_triggers_register+0xd0/0x234 [ 1362.060329] [<8065e200>] phy_attach_direct+0x33c/0x40c [ 1362.065489] [<... • https://git.kernel.org/stable/c/06f502f57d0d7728f9fa0f157ec5e4111ddb98f6 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23367 – wifi: radiotap: reject radiotap with unknown bits
https://notcve.org/view.php?id=CVE-2026-23367
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: radiotap: reject radiotap with unknown bits The radiotap parser is currently only used with the radiotap namespace (not with vendor namespaces), but if the undefined field 18 is used, the alignment/size is unknown as well. In this case, iterator->_next_ns_data isn't initialized (it's only set for skipping vendor namespaces), and syzbot points out that we later compare against this uninitialized value. Fix this by moving the rejection ... • https://git.kernel.org/stable/c/33e5a2f776e331dc8a4379b6efb660d38f182d96 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23365 – net: usb: kalmia: validate USB endpoints
https://notcve.org/view.php?id=CVE-2026-23365
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: net: usb: kalmia: validate USB endpoints The kalmia driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not have the same urbs the driver will crash later on when it blindly accesses these endpoints. • https://git.kernel.org/stable/c/d40261236e8e278cb1936cb5e934262971692b10 •
CVSS: 7.4EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23364 – ksmbd: Compare MACs in constant time
https://notcve.org/view.php?id=CVE-2026-23364
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp() with the correct function, crypto_memneq(). • https://git.kernel.org/stable/c/e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 •
CVSS: -EPSS: 0%CPEs: 10EXPL: 0CVE-2026-23362 – can: bcm: fix locking for bcm_op runtime updates
https://notcve.org/view.php?id=CVE-2026-23362
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: can: bcm: fix locking for bcm_op runtime updates Commit c2aba69d0c36 ("can: bcm: add locking for bcm_op runtime updates") added a locking for some variables that can be modified at runtime when updating the sending bcm_op with a new TX_SETUP command in bcm_tx_setup(). Usually the RX_SETUP only handles and filters incoming traffic with one exception: When the RX_RTR_FRAME flag is set a predefined CAN frame is sent when a specific RTR frame i... • https://git.kernel.org/stable/c/2a437b86ac5a9893c902f30ef66815bf13587bf6 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23361 – PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
https://notcve.org/view.php?id=CVE-2026-23361
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry Endpoint drivers use dw_pcie_ep_raise_msix_irq() to raise an MSI-X interrupt to the host using a writel(), which generates a PCI posted write transaction. There's no completion for posted writes, so the writel() may return before the PCI write completes. dw_pcie_ep_raise_msix_irq() also unmaps the outbound ATU entry used for the PCI write, so the write races with the unmap. If t... • https://git.kernel.org/stable/c/beb4641a787df79a1423a8789d185b6b78fcbfea •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23359 – bpf: Fix stack-out-of-bounds write in devmap
https://notcve.org/view.php?id=CVE-2026-23359
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stack-out-of-bounds write in devmap get_upper_ifindexes() iterates over all upper devices and writes their indices into an array without checking bounds. Also the callers assume that the max number of upper devices is MAX_NEST_DEV and allocate excluded_devices[1+MAX_NEST_DEV] on the stack, but that assumption is not correct and the number of upper devices could be larger than MAX_NEST_DEV (e.g., many macvlans), causing a stack-out-... • https://git.kernel.org/stable/c/aeea1b86f9363f3feabb496534d886f082a89f21 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23357 – can: mcp251x: fix deadlock in error path of mcp251x_open
https://notcve.org/view.php?id=CVE-2026-23357
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock in error path of mcp251x_open The mcp251x_open() function call free_irq() in its error path with the mpc_lock mutex held. But if an interrupt already occurred the interrupt handler will be waiting for the mpc_lock and free_irq() will deadlock waiting for the handler to finish. This issue is similar to the one fixed in commit 7dd9c26bd6cf ("can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open") but... • https://git.kernel.org/stable/c/bf66f3736a945dd4e92d86427276c6eeab0a6c1d •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23356 – drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock()
https://notcve.org/view.php?id=CVE-2026-23356
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock() Even though we check that we "should" be able to do lc_get_cumulative() while holding the device->al_lock spinlock, it may still fail, if some other code path decided to do lc_try_lock() with bad timing. If that happened, we logged "LOGIC BUG for enr=...", but still did not return an error. The rest of the code now assumed that this request has references for the relevant activity log ext... • https://git.kernel.org/stable/c/08a1ddab6df7d3c7b6341774cb1cf4b21b96a214 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23352 – x86/efi: defer freeing of boot services memory
https://notcve.org/view.php?id=CVE-2026-23352
25 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: x86/efi: defer freeing of boot services memory efi_free_boot_services() frees memory occupied by EFI_BOOT_SERVICES_CODE and EFI_BOOT_SERVICES_DATA using memblock_free_late(). There are two issue with that: memblock_free_late() should be used for memory allocated with memblock_alloc() while the memory reserved with memblock_reserve() should be freed with free_reserved_area(). More acutely, with CONFIG_DEFERRED_STRUCT_PAGE_INIT=y efi_free_boo... • https://git.kernel.org/stable/c/0aed459e8487eb6ebdb4efe8cefe1eafbc704b30 •