CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2026-23157 – btrfs: do not strictly require dirty metadata threshold for metadata writepages
https://notcve.org/view.php?id=CVE-2026-23157
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not strictly require dirty metadata threshold for metadata writepages [BUG] There is an internal report that over 1000 processes are waiting at the io_schedule_timeout() of balance_dirty_pages(), causing a system hang and trigger a kernel coredump. The kernel is v6.4 kernel based, but the root problem still applies to any upstream kernel before v6.18. [CAUSE] From Jan Kara for his wisdom on the dirty page balance behavior first. T... • https://git.kernel.org/stable/c/793955bca66c99defdffc857ae6eb7e8431d6bbe •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23154 – net: fix segmentation of forwarding fraglist GRO
https://notcve.org/view.php?id=CVE-2026-23154
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: net: fix segmentation of forwarding fraglist GRO This patch enhances GSO segment handling by properly checking the SKB_GSO_DODGY flag for frag_list GSO packets, addressing low throughput issues observed when a station accesses IPv4 servers via hotspots with an IPv6-only upstream interface. Specifically, it fixes a bug in GSO segmentation when forwarding GRO packets containing a frag_list. The function skb_segment_list cannot correctly proce... • https://git.kernel.org/stable/c/9fd1ff5d2ac7181844735806b0a703c942365291 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23150 – nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame().
https://notcve.org/view.php?id=CVE-2026-23150
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame(). syzbot reported various memory leaks related to NFC, struct nfc_llcp_sock, sk_buff, nfc_dev, etc. [0] The leading log hinted that nfc_llcp_send_ui_frame() failed to allocate skb due to sock_error(sk) being -ENXIO. ENXIO is set by nfc_llcp_socket_release() when struct nfc_llcp_local is destroyed by local_cleanup(). The problem is that there is no synchronisation between nfc_llcp_send_ui_fra... • https://git.kernel.org/stable/c/94f418a206648c9be6fd84d6681d6956b8f8b106 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2026-23146 – Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work
https://notcve.org/view.php?id=CVE-2026-23146
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work hci_uart_set_proto() sets HCI_UART_PROTO_INIT before calling hci_uart_register_dev(), which calls proto->open() to initialize hu->priv. However, if a TTY write wakeup occurs during this window, hci_uart_tx_wakeup() may schedule write_work before hu->priv is initialized, leading to a NULL pointer dereference in hci_uart_write_work() when proto->dequeue() accesses hu->priv. The ra... • https://git.kernel.org/stable/c/a40f94f7caa8d3421b64f63ac31bc0f24c890f39 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2026-23145 – ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref
https://notcve.org/view.php?id=CVE-2026-23145
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref The error branch for ext4_xattr_inode_update_ref forget to release the refcount for iloc.bh. Find this when review code. In the Linux kernel, the following vulnerability has been resolved: ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref The error branch for ext4_xattr_inode_update_ref forget to release the refcount for iloc.bh. Find this when review code. • https://git.kernel.org/stable/c/1cfb3e4ddbdc8e02e637b8852540bd4718bf4814 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23141 – btrfs: send: check for inline extents in range_is_hole_in_parent()
https://notcve.org/view.php?id=CVE-2026-23141
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: send: check for inline extents in range_is_hole_in_parent() Before accessing the disk_bytenr field of a file extent item we need to check if we are dealing with an inline extent. This is because for inline extents their data starts at the offset of the disk_bytenr field. So accessing the disk_bytenr means we are accessing inline data or in case the inline data is less than 8 bytes we can actually cause an invalid memory access if thi... • https://git.kernel.org/stable/c/82bfb2e7b645c8f228dc3b6d3b27b0b10125ca4f •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2025-71202 – iommu/sva: invalidate stale IOTLB entries for kernel address space
https://notcve.org/view.php?id=CVE-2025-71202
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: iommu/sva: invalidate stale IOTLB entries for kernel address space Introduce a new IOMMU interface to flush IOTLB paging cache entries for the CPU kernel address space. This interface is invoked from the x86 architecture code that manages combined user and kernel page tables, specifically before any kernel page table page is freed and reused. This addresses the main issue with vfree() which is a common occurrence and can be triggered by unp... • https://git.kernel.org/stable/c/2f26e0a9c9860db290d63e9d85c2c8c09813677f •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2026-23138 – tracing: Add recursion protection in kernel stack trace recording
https://notcve.org/view.php?id=CVE-2026-23138
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: tracing: Add recursion protection in kernel stack trace recording A bug was reported about an infinite recursion caused by tracing the rcu events with the kernel stack trace trigger enabled. The stack trace code called back into RCU which then called the stack trace again. Expand the ftrace recursion protection to add a set of bits to protect events from recursion. Each bit represents the context that the event is in (normal, softirq, inter... • https://git.kernel.org/stable/c/5f5fa7ea89dc82d34ed458f4d7a8634e8e9eefce •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2026-23137 – of: unittest: Fix memory leak in unittest_data_add()
https://notcve.org/view.php?id=CVE-2026-23137
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: of: unittest: Fix memory leak in unittest_data_add() In unittest_data_add(), if of_resolve_phandles() fails, the allocated unittest_data is not freed, leading to a memory leak. Fix this by using scope-based cleanup helper __free(kfree) for automatic resource cleanup. This ensures unittest_data is automatically freed when it goes out of scope in error paths. For the success path, use retain_and_null_ptr() to transfer ownership of the memory ... • https://git.kernel.org/stable/c/2eb46da2a760e5764c48b752a5ef320e02b96b21 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23133 – wifi: ath10k: fix dma_free_coherent() pointer
https://notcve.org/view.php?id=CVE-2026-23133
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: fix dma_free_coherent() pointer dma_alloc_coherent() allocates a DMA mapped buffer and stores the addresses in XXX_unaligned fields. Those should be reused when freeing the buffer rather than the aligned addresses. In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: fix dma_free_coherent() pointer dma_alloc_coherent() allocates a DMA mapped buffer and stores the addresses in XXX_unaligned fields. ... • https://git.kernel.org/stable/c/2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1 •