CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23267 – f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes
https://notcve.org/view.php?id=CVE-2026-23267
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes During SPO tests, when mounting F2FS, an -EINVAL error was returned from f2fs_recover_inode_page. The issue occurred under the following scenario Thread A Thread B f2fs_ioc_commit_atomic_write - f2fs_do_sync_file // atomic = true - f2fs_fsync_node_pages : last_folio = inode folio : schedule before folio_lock(last_folio) f2fs_write_che... • https://git.kernel.org/stable/c/608514deba38c8611ad330d6a3c8e2b9a1f68e4b •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2026-23266 – fbdev: rivafb: fix divide error in nv3_arb()
https://notcve.org/view.php?id=CVE-2026-23266
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: fbdev: rivafb: fix divide error in nv3_arb() A userspace program can trigger the RIVA NV3 arbitration code by calling the FBIOPUT_VSCREENINFO ioctl on /dev/fb*. When doing so, the driver recomputes FIFO arbitration parameters in nv3_arb(), using state->mclk_khz (derived from the PRAMDAC MCLK PLL) as a divisor without validating it first. In a normal setup, state->mclk_khz is provided by the real hardware and is non-zero. However, an attacke... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23265 – f2fs: fix to do sanity check on node footer in {read,write}_end_io
https://notcve.org/view.php?id=CVE-2026-23265
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer in {read,write}_end_io -----------[ cut here ]------------ kernel BUG at fs/f2fs/data.c:358! Call Trace:
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23258 – net: liquidio: Initialize netdev pointer before queue setup
https://notcve.org/view.php?id=CVE-2026-23258
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setup_nic_devices(), the netdev is allocated using alloc_etherdev_mq(). However, the pointer to this structure is stored in oct->props[i].netdev only after the calls to netif_set_real_num_rx_queues() and netif_set_real_num_tx_queues(). If either of these functions fails, setup_nic_devices() returns an error without freeing the allocated netdev. Since oct->props[i].netdev is stil... • https://git.kernel.org/stable/c/c33c997346c34ea7b89aec99524ad9632a2f1e0c •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23257 – net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup
https://notcve.org/view.php?id=CVE-2026-23257
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The current cleanup loop while(i--) skip the failing index i, causing a memory leak. Fix this by changing the loop to iterate from the current index i down to 0. Also, decrement i in the devlink_alloc failure path to point to the last successfully allocated index. Compile tes... • https://git.kernel.org/stable/c/f21fb3ed364bb83533c5efe19354e337ea9ecda9 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23256 – net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup
https://notcve.org/view.php?id=CVE-2026-23256
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The current cleanup loop while(i--) skip the failing index i, causing a memory leak. Fix this by changing the loop to iterate from the current index i down to 0. Compile tested only. Issue found using code review. • https://git.kernel.org/stable/c/846b46873eeb3baf40f7e6d8fe8f98aec95e7727 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23255 – net: add proper RCU protection to /proc/net/ptype
https://notcve.org/view.php?id=CVE-2026-23255
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: net: add proper RCU protection to /proc/net/ptype Yin Fengwei reported an RCU stall in ptype_seq_show() and provided a patch. Real issue is that ptype_seq_next() and ptype_seq_show() violate RCU rules. ptype_seq_show() runs under rcu_read_lock(), and reads pt->dev to get device name without any barrier. At the same time, concurrent writers can remove a packet_type structure (which is correctly freed after an RCU grace period) and clear pt->... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-71269 – btrfs: do not free data reservation in fallback from inline due to -ENOSPC
https://notcve.org/view.php?id=CVE-2025-71269
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not free data reservation in fallback from inline due to -ENOSPC If we fail to create an inline extent due to -ENOSPC, we will attempt to go through the normal COW path, reserve an extent, create an ordered extent, etc. However we were always freeing the reserved qgroup data, which is wrong since we will use data. Fix this by freeing the reserved qgroup data in __cow_file_range_inline() only if we are not doing the fallback (ret i... • https://git.kernel.org/stable/c/94ed938aba557aa798acf496f09afb289b619fcd •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-71268 – btrfs: fix reservation leak in some error paths when inserting inline extent
https://notcve.org/view.php?id=CVE-2025-71268
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent If we fail to allocate a path or join a transaction, we return from __cow_file_range_inline() without freeing the reserved qgroup data, resulting in a leak. Fix this by ensuring we call btrfs_qgroup_free_data() in such cases. En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: btrfs: corrige una fuga de reserva en algunas rutas de error al insertar... • https://git.kernel.org/stable/c/94ed938aba557aa798acf496f09afb289b619fcd •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2026-23253 – media: dvb-core: fix wrong reinitialization of ringbuffer on reopen
https://notcve.org/view.php?id=CVE-2026-23253
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: fix wrong reinitialization of ringbuffer on reopen dvb_dvr_open() calls dvb_ringbuffer_init() when a new reader opens the DVR device. dvb_ringbuffer_init() calls init_waitqueue_head(), which reinitializes the waitqueue list head to empty. Since dmxdev->dvr_buffer.queue is a shared waitqueue (all opens of the same DVR device share it), this orphans any existing waitqueue entries from io_uring poll or epoll, leaving them with... • https://git.kernel.org/stable/c/34731df288a5ffe4b0c396caf8cd24c6a710a222 •