CVSS: - | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2026-31393 – Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access
https://notcve.org/view.php?id=CVE-2026-31393
03 Apr 2026 — In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access
l2cap_information_rsp() checks that cmd_len covers the fixed l2cap_info_rsp header (type + result, 4 bytes) but then reads rsp->data without verifying that the payload is present:
- L2CAP_IT_FEAT_MASK calls get_unaligned_le32(rsp->data), which reads 4 bytes past the header (needs cmd_len >= 8).
- L2CAP_IT_FIXED_CHAN reads rsp->data[0], 1 byte past the header (needs cmd_l...
https://git.kernel.org/stable/c/4e8402a3f884427f9233ba436459c158d1f2e114
CVSS: - | EPSS: 0% | CPEs: 8 | EXPL: 0
CVE-2026-31392 – smb: client: fix krb5 mount with username option
https://notcve.org/view.php?id=CVE-2026-31392
03 Apr 2026 — In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix krb5 mount with username option
Customer reported that some of their krb5 mounts were failing against a single server as the client was trying to mount the shares with wrong credentials. It turned out the client was reusing SMB session from first mount to try mounting the other shares, even though a different username= option had been specified to the other mounts.
By using username mount option along with sec=krb5 to searc...
https://git.kernel.org/stable/c/4ff67b720c02c36e54d55b88c2931879b7db1cd2
CVSS: - | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2026-31391 – crypto: atmel-sha204a - Fix OOM ->tfm_count leak
https://notcve.org/view.php?id=CVE-2026-31391
03 Apr 2026 — In the Linux kernel, the following vulnerability has been resolved:
crypto: atmel-sha204a - Fix OOM ->tfm_count leak
If memory allocation fails, decrement ->tfm_count to avoid blocking future reads.
https://git.kernel.org/stable/c/da001fb651b00e1deeaf24767dd691ae8152a4f5
CVSS: - | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2026-31389 – spi: fix use-after-free on controller registration failure
https://notcve.org/view.php?id=CVE-2026-31389
03 Apr 2026 — In the Linux kernel, the following vulnerability has been resolved:
spi: fix use-after-free on controller registration failure
Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free (of driver resources) and unclocked register accesses.
https://git.kernel.org/stable/c/6598b91b5ac32bc756d7c3000a31f775d4ead1c4
CVSS: - | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2026-23475 – spi: fix statistics allocation
https://notcve.org/view.php?id=CVE-2026-23475
03 Apr 2026 — In the Linux kernel, the following vulnerability has been resolved:
spi: fix statistics allocation
The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a NULL-pointer dereference.
Fix this by moving the statistics allocation to controller allocation while tying its lifetime to that of the controller (rather than using implicit devres).
https://git.kernel.org/stable/c/6598b91b5ac32bc756d7c3000a31f775d4ead1c4
CVSS: - | EPSS: 0% | CPEs: 6 | EXPL: 0
CVE-2026-23474 – mtd: Avoid boot crash in RedBoot partition table parser
https://notcve.org/view.php?id=CVE-2026-23474
03 Apr 2026 — In the Linux kernel, the following vulnerability has been resolved:
mtd: Avoid boot crash in RedBoot partition table parser
Given CONFIG_FORTIFY_SOURCE=y and a recent compiler, commit 439a1bcac648 ("fortify: Use __builtin_dynamic_object_size() when available") produces the warning below and an oops.
Searching for RedBoot partition table in 50000000.flash at offset 0x7e0000
------------[ cut here ]------------
WARNING: lib/string_helpers.c:1035 at 0xc029e04c, CPU#0: swapper/0/1
memcmp: detected buffer overfl...
https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
CVSS: - | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2026-23473 – io_uring/poll: fix multishot recv missing EOF on wakeup race
https://notcve.org/view.php?id=CVE-2026-23473
03 Apr 2026 — In the Linux kernel, the following vulnerability has been resolved:
io_uring/poll: fix multishot recv missing EOF on wakeup race
When a socket send and shutdown() happen back-to-back, both fire wake-ups before the receiver's task_work has a chance to run. The first wake gets poll ownership (poll_refs=1), and the second bumps it to 2. When io_poll_check_events() runs, it calls io_poll_issue() which does a recv that reads the data and returns IOU_RETRY. The loop then drains all accumulated refs (atomic_sub_re...
https://git.kernel.org/stable/c/dbc2564cfe0faff439dc46adb8c009589054ea46
CVSS: - | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2026-23472 – serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN
https://notcve.org/view.php?id=CVE-2026-23472
03 Apr 2026 — In the Linux kernel, the following vulnerability has been resolved:
serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN
uart_write_room() and uart_write() behave inconsistently when xmit_buf is NULL (which happens for PORT_UNKNOWN ports that were never properly initialized):
- uart_write_room() returns kfifo_avail() which can be > 0
- uart_write() checks xmit_buf and returns 0 if NULL
This inconsistency causes an infinite loop in drivers that rely on tty_write_room() to determine if they can wri...
https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
CVSS: - | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2026-23470 – drm/imagination: Fix deadlock in soft reset sequence
https://notcve.org/view.php?id=CVE-2026-23470
03 Apr 2026 — In the Linux kernel, the following vulnerability has been resolved:
drm/imagination: Fix deadlock in soft reset sequence
The soft reset sequence is currently executed from the threaded IRQ handler, hence it cannot call disable_irq() which internally waits for IRQ handlers, i.e. itself, to complete.
Use disable_irq_nosync() during a soft reset instead.
https://git.kernel.org/stable/c/cc1aeedb98ad347c06ff59e991b2f94dfb4c565d
CVSS: - | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2026-23469 – drm/imagination: Synchronize interrupts before suspending the GPU
https://notcve.org/view.php?id=CVE-2026-23469
03 Apr 2026 — In the Linux kernel, the following vulnerability has been resolved:
drm/imagination: Synchronize interrupts before suspending the GPU
The runtime PM suspend callback doesn't know whether the IRQ handler is in progress on a different CPU core and doesn't wait for it to finish.
Depending on timing, the IRQ handler could be running while the GPU is suspended, leading to kernel crashes when trying to access GPU registers. See example signature below.
In a power off sequence initiated by the runtime PM suspend c...
https://git.kernel.org/stable/c/cc1aeedb98ad347c06ff59e991b2f94dfb4c565d
