CVSS: 5.6EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23176 – platform/x86: toshiba_haps: Fix memory leaks in add/remove routines
https://notcve.org/view.php?id=CVE-2026-23176
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshiba_haps: Fix memory leaks in add/remove routines toshiba_haps_add() leaks the haps object allocated by it if it returns an error after allocating that object successfully. toshiba_haps_remove() does not free the object pointed to by toshiba_haps before clearing that pointer, so it becomes unreachable allocated memory. Address these memory leaks by using devm_kzalloc() for allocating the memory in question. In the Linux ke... • https://git.kernel.org/stable/c/23d0ba0c908ac10139f0351023c64198d7fc1409 •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2025-71224 – wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
https://notcve.org/view.php?id=CVE-2025-71224
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: ocb: skip rx_no_sta when interface is not joined ieee80211_ocb_rx_no_sta() assumes a valid channel context, which is only present after JOIN_OCB. RX may run before JOIN_OCB is executed, in which case the OCB interface is not operational. Skip RX peer handling when the interface is not joined to avoid warnings in the RX path. In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: ocb: skip rx_no_s... • https://git.kernel.org/stable/c/239281f803e2efdb77d906ef296086b6917e5d71 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-71223 – smb/server: fix refcount leak in smb2_open()
https://notcve.org/view.php?id=CVE-2025-71223
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: smb/server: fix refcount leak in smb2_open() When ksmbd_vfs_getattr() fails, the reference count of ksmbd_file must be released. In the Linux kernel, the following vulnerability has been resolved: smb/server: fix refcount leak in smb2_open() When ksmbd_vfs_getattr() fails, the reference count of ksmbd_file must be released. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of se... • https://git.kernel.org/stable/c/8df4bcdb0a4232192b2445256c39b787d58ef14d •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-71222 – wifi: wlcore: ensure skb headroom before skb_push
https://notcve.org/view.php?id=CVE-2025-71222
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: ensure skb headroom before skb_push This avoids occasional skb_under_panic Oops from wl1271_tx_work. In this case, headroom is less than needed (typically 110 - 94 = 16 bytes). In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: ensure skb headroom before skb_push This avoids occasional skb_under_panic Oops from wl1271_tx_work. In this case, headroom is less than needed (typically 110 - 94 = 16 by... • https://git.kernel.org/stable/c/f5fc0f86b02afef1119b523623b4cde41475bc8c •
CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2025-71221 – dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue()
https://notcve.org/view.php?id=CVE-2025-71221
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue() Add proper locking in mmp_pdma_residue() to prevent use-after-free when accessing descriptor list and descriptor contents. The race occurs when multiple threads call tx_status() while the tasklet on another CPU is freeing completed descriptors: CPU 0 CPU 1 ----- ----- mmp_pdma_tx_status() mmp_pdma_residue() -> NO LOCK held list_for_each_entry(sw, ..) DMA interrupt dma_do_tasklet(... • https://git.kernel.org/stable/c/1b38da264674d6a0fe26a63996b8f88b88c3da48 •
CVSS: 6.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-71220 – smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe()
https://notcve.org/view.php?id=CVE-2025-71220
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe() When ksmbd_iov_pin_rsp() fails, we should call ksmbd_session_rpc_close(). Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the stable distribution (trixie), these problems have been fixed in version 6.12.73-1. • https://git.kernel.org/stable/c/f2283680a80571ca82d710bc6ecd8f8beac67d63 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-71204 – smb/server: fix refcount leak in parse_durable_handle_context()
https://notcve.org/view.php?id=CVE-2025-71204
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: smb/server: fix refcount leak in parse_durable_handle_context() When the command is a replay operation and -ENOEXEC is returned, the refcount of ksmbd_file must be released. In the Linux kernel, the following vulnerability has been resolved: smb/server: fix refcount leak in parse_durable_handle_context() When the command is a replay operation and -ENOEXEC is returned, the refcount of ksmbd_file must be released. Several vulnerabilities have... • https://git.kernel.org/stable/c/8df4bcdb0a4232192b2445256c39b787d58ef14d •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-71203 – riscv: Sanitize syscall table indexing under speculation
https://notcve.org/view.php?id=CVE-2025-71203
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: riscv: Sanitize syscall table indexing under speculation The syscall number is a user-controlled value used to index into the syscall table. Use array_index_nospec() to clamp this value after the bounds check to prevent speculative out-of-bounds access and subsequent data leakage via cache side channels. In the Linux kernel, the following vulnerability has been resolved: riscv: Sanitize syscall table indexing under speculation The syscall n... • https://git.kernel.org/stable/c/f0bddf50586da81360627a772be0e355b62f071e •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23173 – net/mlx5e: TC, delete flows only for existing peers
https://notcve.org/view.php?id=CVE-2026-23173
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, delete flows only for existing peers When deleting TC steering flows, iterate only over actual devcom peers instead of assuming all possible ports exist. This avoids touching non-existent peers and ensures cleanup is limited to devices the driver is currently connected to. BUG: kernel NULL pointer dereference, address: 0000000000000008 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD ... • https://git.kernel.org/stable/c/9be6c21fdcf8a7ec48262bb76f78c17ac2761ac6 •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23172 – net: wwan: t7xx: fix potential skb->frags overflow in RX path
https://notcve.org/view.php?id=CVE-2026-23172
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: fix potential skb->frags overflow in RX path When receiving data in the DPMAIF RX path, the t7xx_dpmaif_set_frag_to_skb() function adds page fragments to an skb without checking if the number of fragments has exceeded MAX_SKB_FRAGS. This could lead to a buffer overflow in skb_shinfo(skb)->frags[] array, corrupting adjacent memory and potentially causing kernel crashes or other undefined behavior. This issue was identified t... • https://git.kernel.org/stable/c/d642b012df70a76dd5723f2d426b40bffe83ac49 •