CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23205 – smb/client: fix memory leak in smb2_open_file()
https://notcve.org/view.php?id=CVE-2026-23205
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: smb/client: fix memory leak in smb2_open_file() Reproducer: 1. server: directories are exported read-only 2. client: mount -t cifs //${server_ip}/export /mnt 3. client: dd if=/dev/zero of=/mnt/file bs=512 count=1000 oflag=direct 4. client: umount /mnt 5. client: sleep 1 6. client: modprobe -r cifs The error message is as follows: ============================================================================= BUG cifs_small_rq (Not tainted): O... • https://git.kernel.org/stable/c/17e53a15e64b65623b8f2b1185d27d7b1cbf69ab •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23204 – net/sched: cls_u32: use skb_header_pointer_careful()
https://notcve.org/view.php?id=CVE-2026-23204
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro fooling u32_classify(): BUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0 net/sched/cls_u32.c:221 In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_hea... • https://git.kernel.org/stable/c/fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d •
CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23202 – spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer
https://notcve.org/view.php?id=CVE-2026-23202
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer The curr_xfer field is read by the IRQ handler without holding the lock to check if a transfer is in progress. When clearing curr_xfer in the combined sequence transfer loop, protect it with the spinlock to prevent a race with the interrupt handler. Protect the curr_xfer clearing at the exit path of tegra_qspi_combined_seq_xfer() with the spinlock to prevent a race with t... • https://git.kernel.org/stable/c/88db8bb7ed1bb474618acdf05ebd4f0758d244e2 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23198 – KVM: Don't clobber irqfd routing type when deassigning irqfd
https://notcve.org/view.php?id=CVE-2026-23198
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: KVM: Don't clobber irqfd routing type when deassigning irqfd When deassigning a KVM_IRQFD, don't clobber the irqfd's copy of the IRQ's routing entry as doing so breaks kvm_arch_irq_bypass_del_producer() on x86 and arm64, which explicitly look for KVM_IRQ_ROUTING_MSI. Instead, to handle a concurrent routing update, verify that the irqfd is still active before consuming the routing information. As evidenced by the x86 and arm64 bugs, and anot... • https://git.kernel.org/stable/c/f70c20aaf141adb715a2d750c55154073b02a9c3 •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23193 – scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()
https://notcve.org/view.php?id=CVE-2026-23193
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() In iscsit_dec_session_usage_count(), the function calls complete() while holding the sess->session_usage_lock. Similar to the connection usage count logic, the waiter signaled by complete() (e.g., in the session release path) may wake up and free the iscsit_session structure immediately. This creates a race condition where the current thread may attempt to execute s... • https://git.kernel.org/stable/c/e48354ce078c079996f89d715dfa44814b4eba01 •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23191 – ALSA: aloop: Fix racy access at PCM trigger
https://notcve.org/view.php?id=CVE-2026-23191
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are performed outside the cable lock, this may result in UAF when a program attempts to trigger frequently while opening/closing the tied stream, as spotted by fuzzers. For addressing the UAF, this patch changes two things:... • https://git.kernel.org/stable/c/b1c73fc8e697eb73e23603e465e9af2711ed4183 •
CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23190 – ASoC: amd: fix memory leak in acp3x pdm dma ops
https://notcve.org/view.php?id=CVE-2026-23190
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: fix memory leak in acp3x pdm dma ops Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the stable distribution (trixie), these problems have been fixed in version 6.12.73-1. • https://git.kernel.org/stable/c/4a767b1d039a855c491c4853013804323c06f728 •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23187 – pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains
https://notcve.org/view.php?id=CVE-2026-23187
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains Fix out-of-range access of bc->domains in imx8m_blk_ctrl_remove(). Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the stable distribution (trixie), these problems have been fixed in version 6.12.73-1. • https://git.kernel.org/stable/c/2684ac05a8c4d2d5c49e6c11eb6206b30a284813 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23182 – spi: tegra: Fix a memory leak in tegra_slink_probe()
https://notcve.org/view.php?id=CVE-2026-23182
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: spi: tegra: Fix a memory leak in tegra_slink_probe() In tegra_slink_probe(), when platform_get_irq() fails, it directly returns from the function with an error code, which causes a memory leak. Replace it with a goto label to ensure proper cleanup. In the Linux kernel, the following vulnerability has been resolved: spi: tegra: Fix a memory leak in tegra_slink_probe() In tegra_slink_probe(), when platform_get_irq() fails, it directly returns... • https://git.kernel.org/stable/c/b64683f5d7282f7b160e9867e33cdac00b5c792b •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23180 – dpaa2-switch: add bounds check for if_id in IRQ handler
https://notcve.org/view.php?id=CVE-2026-23180
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: add bounds check for if_id in IRQ handler The IRQ handler extracts if_id from the upper 16 bits of the hardware status register and uses it to index into ethsw->ports[] without validation. Since if_id can be any 16-bit value (0-65535) but the ports array is only allocated with sw_attr.num_ifs elements, this can lead to an out-of-bounds read potentially. Add a bounds check before accessing the array, consistent with the existin... • https://git.kernel.org/stable/c/24ab724f8a4661b2dc8e696b41df93bdc108f7a1 •