CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23202 – spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer
https://notcve.org/view.php?id=CVE-2026-23202
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer The curr_xfer field is read by the IRQ handler without holding the lock to check if a transfer is in progress. When clearing curr_xfer in the combined sequence transfer loop, protect it with the spinlock to prevent a race with the interrupt handler. Protect the curr_xfer clearing at the exit path of tegra_qspi_combined_seq_xfer() with the spinlock to prevent a race with t... • https://git.kernel.org/stable/c/88db8bb7ed1bb474618acdf05ebd4f0758d244e2 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23198 – KVM: Don't clobber irqfd routing type when deassigning irqfd
https://notcve.org/view.php?id=CVE-2026-23198
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: KVM: Don't clobber irqfd routing type when deassigning irqfd When deassigning a KVM_IRQFD, don't clobber the irqfd's copy of the IRQ's routing entry as doing so breaks kvm_arch_irq_bypass_del_producer() on x86 and arm64, which explicitly look for KVM_IRQ_ROUTING_MSI. Instead, to handle a concurrent routing update, verify that the irqfd is still active before consuming the routing information. As evidenced by the x86 and arm64 bugs, and anot... • https://git.kernel.org/stable/c/f70c20aaf141adb715a2d750c55154073b02a9c3 •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23193 – scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()
https://notcve.org/view.php?id=CVE-2026-23193
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() In iscsit_dec_session_usage_count(), the function calls complete() while holding the sess->session_usage_lock. Similar to the connection usage count logic, the waiter signaled by complete() (e.g., in the session release path) may wake up and free the iscsit_session structure immediately. This creates a race condition where the current thread may attempt to execute s... • https://git.kernel.org/stable/c/e48354ce078c079996f89d715dfa44814b4eba01 •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23191 – ALSA: aloop: Fix racy access at PCM trigger
https://notcve.org/view.php?id=CVE-2026-23191
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are performed outside the cable lock, this may result in UAF when a program attempts to trigger frequently while opening/closing the tied stream, as spotted by fuzzers. For addressing the UAF, this patch changes two things:... • https://git.kernel.org/stable/c/b1c73fc8e697eb73e23603e465e9af2711ed4183 •
CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23190 – ASoC: amd: fix memory leak in acp3x pdm dma ops
https://notcve.org/view.php?id=CVE-2026-23190
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: fix memory leak in acp3x pdm dma ops Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the stable distribution (trixie), these problems have been fixed in version 6.12.73-1. • https://git.kernel.org/stable/c/4a767b1d039a855c491c4853013804323c06f728 •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23187 – pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains
https://notcve.org/view.php?id=CVE-2026-23187
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains Fix out-of-range access of bc->domains in imx8m_blk_ctrl_remove(). Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the stable distribution (trixie), these problems have been fixed in version 6.12.73-1. • https://git.kernel.org/stable/c/2684ac05a8c4d2d5c49e6c11eb6206b30a284813 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23182 – spi: tegra: Fix a memory leak in tegra_slink_probe()
https://notcve.org/view.php?id=CVE-2026-23182
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: spi: tegra: Fix a memory leak in tegra_slink_probe() In tegra_slink_probe(), when platform_get_irq() fails, it directly returns from the function with an error code, which causes a memory leak. Replace it with a goto label to ensure proper cleanup. In the Linux kernel, the following vulnerability has been resolved: spi: tegra: Fix a memory leak in tegra_slink_probe() In tegra_slink_probe(), when platform_get_irq() fails, it directly returns... • https://git.kernel.org/stable/c/b64683f5d7282f7b160e9867e33cdac00b5c792b •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23180 – dpaa2-switch: add bounds check for if_id in IRQ handler
https://notcve.org/view.php?id=CVE-2026-23180
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: add bounds check for if_id in IRQ handler The IRQ handler extracts if_id from the upper 16 bits of the hardware status register and uses it to index into ethsw->ports[] without validation. Since if_id can be any 16-bit value (0-65535) but the ports array is only allocated with sw_attr.num_ifs elements, this can lead to an out-of-bounds read potentially. Add a bounds check before accessing the array, consistent with the existin... • https://git.kernel.org/stable/c/24ab724f8a4661b2dc8e696b41df93bdc108f7a1 •
CVSS: 5.6EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23176 – platform/x86: toshiba_haps: Fix memory leaks in add/remove routines
https://notcve.org/view.php?id=CVE-2026-23176
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshiba_haps: Fix memory leaks in add/remove routines toshiba_haps_add() leaks the haps object allocated by it if it returns an error after allocating that object successfully. toshiba_haps_remove() does not free the object pointed to by toshiba_haps before clearing that pointer, so it becomes unreachable allocated memory. Address these memory leaks by using devm_kzalloc() for allocating the memory in question. In the Linux ke... • https://git.kernel.org/stable/c/23d0ba0c908ac10139f0351023c64198d7fc1409 •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2025-71224 – wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
https://notcve.org/view.php?id=CVE-2025-71224
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: ocb: skip rx_no_sta when interface is not joined ieee80211_ocb_rx_no_sta() assumes a valid channel context, which is only present after JOIN_OCB. RX may run before JOIN_OCB is executed, in which case the OCB interface is not operational. Skip RX peer handling when the interface is not joined to avoid warnings in the RX path. In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: ocb: skip rx_no_s... • https://git.kernel.org/stable/c/239281f803e2efdb77d906ef296086b6917e5d71 •