CVSS: - • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-23051 – drm/amdgpu: fix drm panic null pointer when driver not support atomic
https://notcve.org/view.php?id=CVE-2026-23051
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null pointer when driver not support atomic When driver not support atomic, fb using plane->fb rather than plane->state->fb. (cherry picked from commit 2f2a72de673513247cd6fae14e53f6c40c5841ef) • https://git.kernel.org/stable/c/fe151ed7af5425c424a5735ef9fa3d02c828be7f •
CVSS: - • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2026-23050 – pNFS: Fix a deadlock when returning a delegation during open()
https://notcve.org/view.php?id=CVE-2026-23050
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix a deadlock when returning a delegation during open() Ben Coddington reports seeing a hang in the following stack trace: 0 [ffffd0b50e1774e0] __schedule at ffffffff9ca05415 1 [ffffd0b50e177548] schedule at ffffffff9ca05717 2 [ffffd0b50e177558] bit_wait at ffffffff9ca061e1 3 [ffffd0b50e177568] __wait_on_bit at ffffffff9ca05cfb 4 [ffffd0b50e1775c8] out_of_line_wait_on_bit at ffffffff9ca05ea5 5 [ffffd0b50e177618] pnfs_roc at ffffffffc... • https://git.kernel.org/stable/c/29ade5db12930ec60133f6a02791f4b1a4af2943 •
CVSS: - • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2026-23049 – drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel
https://notcve.org/view.php?id=CVE-2026-23049
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel The connector type for the DataImage SCF0700C48GGU18 panel is missing and devm_drm_panel_bridge_add() requires connector type to be set. This leads to a warning and a backtrace in the kernel log and panel does not work: " WARNING: CPU: 3 PID: 38 at drivers/gpu/drm/bridge/panel.c:379 devm_drm_of_get_bridge+0xac/0xb8 " The warning is triggered by a check for valid connec... • https://git.kernel.org/stable/c/97ceb1fb08b6a2f78aa44a7c229ca280964860c0 •
CVSS: - • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2025-71196 – phy: stm32-usphyc: Fix off by one in probe()
https://notcve.org/view.php?id=CVE-2025-71196
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: phy: stm32-usphyc: Fix off by one in probe() The "index" variable is used as an index into the usbphyc->phys[] array which has usbphyc->nphys elements. So if it is equal to usbphyc->nphys then it is one element out of bounds. The "index" comes from the device tree so it's data that we trust and it's unlikely to be wrong, however it's obviously still worth fixing the bug. Change the > to >=. Several vulnerabilities have been discovered in th... • https://git.kernel.org/stable/c/94c358da3a0545205c6c6a50ae26141f1c73acfa •
CVSS: - • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-71195 – dmaengine: xilinx: xdma: Fix regmap max_register
https://notcve.org/view.php?id=CVE-2025-71195
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix regmap max_register The max_register field is assigned the size of the register memory region instead of the offset of the last register. The result is that reading from the regmap via debugfs can cause a segmentation fault: tail /sys/kernel/debug/regmap/xdma.1.auto/registers Unable to handle kernel paging request at virtual address ffff800082f70000 Mem abort info: ESR = 0x0000000096000007 EC = 0x25: DABT (curre... • https://git.kernel.org/stable/c/17ce252266c7f016ece026492c45838f852ddc79 •
CVSS: - • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2025-71194 – btrfs: fix deadlock in wait_current_trans() due to ignored transaction type
https://notcve.org/view.php?id=CVE-2025-71194
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in wait_current_trans() due to ignored transaction type When wait_current_trans() is called during start_transaction(), it currently waits for a blocked transaction without considering whether the given transaction type actually needs to wait for that particular transaction state. The btrfs_blocked_trans_types[] array already defines which transaction types should wait for which transaction states, but this check was mis... • https://git.kernel.org/stable/c/4a9d8bdee368de78ace8b36da4eb2186afea162d •
CVSS: - • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-71193 – phy: qcom-qusb2: Fix NULL pointer dereference on early suspend
https://notcve.org/view.php?id=CVE-2025-71193
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend Enabling runtime PM before attaching the QPHY instance as driver data can lead to a NULL pointer dereference in runtime PM callbacks that expect valid driver data. There is a small window where the suspend callback may run after PM runtime enabling and before runtime forbid. This causes a sporadic crash during boot: Unable to handle kernel NULL pointer dereference at virtual... • https://git.kernel.org/stable/c/891a96f65ac3b12883ddbc6d1a9adf6e54dc903c •
CVSS: - • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-23048 – udp: call skb_orphan() before skb_attempt_defer_free()
https://notcve.org/view.php?id=CVE-2026-23048
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: udp: call skb_orphan() before skb_attempt_defer_free() Standard UDP receive path does not use skb->destructor. But skmsg layer does use it, since it calls skb_set_owner_sk_safe() from udp_read_skb(). This then triggers this warning in skb_attempt_defer_free(): DEBUG_NET_WARN_ON_ONCE(skb->destructor); We must call skb_orphan() to fix this issue. • https://git.kernel.org/stable/c/6471658dc66c670580a7616e75f51b52917e7883 •
CVSS: - • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2026-23047 – libceph: make calc_target() set t->paused, not just clear it
https://notcve.org/view.php?id=CVE-2026-23047
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: libceph: make calc_target() set t->paused, not just clear it Currently calc_target() clears t->paused if the request shouldn't be paused anymore, but doesn't ever set t->paused even though it's able to determine when the request should be paused. Setting t->paused is left to __submit_request() which is fine for regular requests but doesn't work for linger requests -- since __submit_request() doesn't operate on linger requests, there is nowh... • https://git.kernel.org/stable/c/922dab6134178cae317ae00de86376cba59f3147 •
CVSS: - • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-23046 – virtio_net: fix device mismatch in devm_kzalloc/devm_kfree
https://notcve.org/view.php?id=CVE-2026-23046
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix device mismatch in devm_kzalloc/devm_kfree Initial rss_hdr allocation uses virtio_device->device, but virtnet_set_queues() frees using net_device->device. This device mismatch causing below devres warning [ 3788.514041] ------------[ cut here ]------------ [ 3788.514044] WARNING: drivers/base/devres.c:1095 at devm_kfree+0x84/0x98, CPU#16: vdpa/1463 [ 3788.514054] Modules linked in: octep_vdpa virtio_net virtio_vdpa [last unl... • https://git.kernel.org/stable/c/4944be2f5ad8c74b93e4e272f3a0f1a136bbc438 •
