CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23164 – rocker: fix memory leak in rocker_world_port_post_fini()
https://notcve.org/view.php?id=CVE-2026-23164
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: rocker: fix memory leak in rocker_world_port_post_fini() In rocker_world_port_pre_init(), rocker_port->wpriv is allocated with kzalloc(wops->port_priv_size, GFP_KERNEL). However, in rocker_world_port_post_fini(), the memory is only freed when wops->port_post_fini callback is set: if (!wops->port_post_fini) return; wops->port_post_fini(rocker_port); kfree(rocker_port->wpriv); Since rocker_ofdpa_ops does not implement port_post_fini callback ... • https://git.kernel.org/stable/c/e420114eef4a3a5025a243b89b0dc343101e3d3c •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2026-23157 – btrfs: do not strictly require dirty metadata threshold for metadata writepages
https://notcve.org/view.php?id=CVE-2026-23157
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not strictly require dirty metadata threshold for metadata writepages [BUG] There is an internal report that over 1000 processes are waiting at the io_schedule_timeout() of balance_dirty_pages(), causing a system hang and trigger a kernel coredump. The kernel is v6.4 kernel based, but the root problem still applies to any upstream kernel before v6.18. [CAUSE] From Jan Kara for his wisdom on the dirty page balance behavior first. T... • https://git.kernel.org/stable/c/793955bca66c99defdffc857ae6eb7e8431d6bbe •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23150 – nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame().
https://notcve.org/view.php?id=CVE-2026-23150
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame(). syzbot reported various memory leaks related to NFC, struct nfc_llcp_sock, sk_buff, nfc_dev, etc. [0] The leading log hinted that nfc_llcp_send_ui_frame() failed to allocate skb due to sock_error(sk) being -ENXIO. ENXIO is set by nfc_llcp_socket_release() when struct nfc_llcp_local is destroyed by local_cleanup(). The problem is that there is no synchronisation between nfc_llcp_send_ui_fra... • https://git.kernel.org/stable/c/94f418a206648c9be6fd84d6681d6956b8f8b106 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23141 – btrfs: send: check for inline extents in range_is_hole_in_parent()
https://notcve.org/view.php?id=CVE-2026-23141
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: send: check for inline extents in range_is_hole_in_parent() Before accessing the disk_bytenr field of a file extent item we need to check if we are dealing with an inline extent. This is because for inline extents their data starts at the offset of the disk_bytenr field. So accessing the disk_bytenr means we are accessing inline data or in case the inline data is less than 8 bytes we can actually cause an invalid memory access if thi... • https://git.kernel.org/stable/c/82bfb2e7b645c8f228dc3b6d3b27b0b10125ca4f •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2025-71202 – iommu/sva: invalidate stale IOTLB entries for kernel address space
https://notcve.org/view.php?id=CVE-2025-71202
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: iommu/sva: invalidate stale IOTLB entries for kernel address space Introduce a new IOMMU interface to flush IOTLB paging cache entries for the CPU kernel address space. This interface is invoked from the x86 architecture code that manages combined user and kernel page tables, specifically before any kernel page table page is freed and reused. This addresses the main issue with vfree() which is a common occurrence and can be triggered by unp... • https://git.kernel.org/stable/c/2f26e0a9c9860db290d63e9d85c2c8c09813677f •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2026-23137 – of: unittest: Fix memory leak in unittest_data_add()
https://notcve.org/view.php?id=CVE-2026-23137
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: of: unittest: Fix memory leak in unittest_data_add() In unittest_data_add(), if of_resolve_phandles() fails, the allocated unittest_data is not freed, leading to a memory leak. Fix this by using scope-based cleanup helper __free(kfree) for automatic resource cleanup. This ensures unittest_data is automatically freed when it goes out of scope in error paths. For the success path, use retain_and_null_ptr() to transfer ownership of the memory ... • https://git.kernel.org/stable/c/2eb46da2a760e5764c48b752a5ef320e02b96b21 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23133 – wifi: ath10k: fix dma_free_coherent() pointer
https://notcve.org/view.php?id=CVE-2026-23133
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: fix dma_free_coherent() pointer dma_alloc_coherent() allocates a DMA mapped buffer and stores the addresses in XXX_unaligned fields. Those should be reused when freeing the buffer rather than the aligned addresses. In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: fix dma_free_coherent() pointer dma_alloc_coherent() allocates a DMA mapped buffer and stores the addresses in XXX_unaligned fields. ... • https://git.kernel.org/stable/c/2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23126 – netdevsim: fix a race issue related to the operation on bpf_bound_progs list
https://notcve.org/view.php?id=CVE-2026-23126
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix a race issue related to the operation on bpf_bound_progs list The netdevsim driver lacks a protection mechanism for operations on the bpf_bound_progs list. When the nsim_bpf_create_prog() performs list_add_tail, it is possible that nsim_bpf_destroy_prog() is simultaneously performs list_del. Concurrent operations on the list may lead to list corruption and trigger a kernel crash as follows: [ 417.290971] kernel BUG at lib/lis... • https://git.kernel.org/stable/c/31d3ad832948c75139b0e5b653912f7898a1d5d5 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23125 – sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT
https://notcve.org/view.php?id=CVE-2026-23125
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT A null-ptr-deref was reported in the SCTP transmit path when SCTP-AUTH key initialization fails: ================================================================== KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] CPU: 0 PID: 16 Comm: ksoftirqd/0 Tainted: G W 6.6.0 #2 RIP: 0010:sctp_packet_bundle_auth net/sctp/output.c:264 [inline] RIP: 0010:sctp_packet_appe... • https://git.kernel.org/stable/c/730fc3d05cd4ba4c9ce2de91f3d43349e95dbbf5 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23121 – mISDN: annotate data-race around dev->work
https://notcve.org/view.php?id=CVE-2026-23121
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: mISDN: annotate data-race around dev->work dev->work can re read locklessly in mISDN_read() and mISDN_poll(). Add READ_ONCE()/WRITE_ONCE() annotations. BUG: KCSAN: data-race in mISDN_ioctl / mISDN_read write to 0xffff88812d848280 of 4 bytes by task 10864 on cpu 1: misdn_add_timer drivers/isdn/mISDN/timerdev.c:175 [inline] mISDN_ioctl+0x2fb/0x550 drivers/isdn/mISDN/timerdev.c:233 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:597... • https://git.kernel.org/stable/c/1b2b03f8e514e4f68e293846ba511a948b80243c •