CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23200 – ipv6: Fix ECMP sibling count mismatch when clearing RTF_ADDRCONF
https://notcve.org/view.php?id=CVE-2026-23200
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix ECMP sibling count mismatch when clearing RTF_ADDRCONF syzbot reported a kernel BUG in fib6_add_rt2node() when adding an IPv6 route. [0] Commit f72514b3c569 ("ipv6: clear RA flags when adding a static route") introduced logic to clear RTF_ADDRCONF from existing routes when a static route with the same nexthop is added. However, this causes a problem when the existing route has a gateway. When RTF_ADDRCONF is cleared from a route t... • https://git.kernel.org/stable/c/cb2b0caa8ca93cbe39177516669bf699c74f7041 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23199 – procfs: avoid fetching build ID while holding VMA lock
https://notcve.org/view.php?id=CVE-2026-23199
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: procfs: avoid fetching build ID while holding VMA lock Fix PROCMAP_QUERY to fetch optional build ID only after dropping mmap_lock or per-VMA lock, whichever was used to lock VMA under question, to avoid deadlock reported by syzbot: -> #1 (&mm->mmap_lock){++++}-{4:4}: __might_fault+0xed/0x170 _copy_to_iter+0x118/0x1720 copy_page_to_iter+0x12d/0x1e0 filemap_read+0x720/0x10a0 blkdev_read_iter+0x2b5/0x4e0 vfs_read+0x7f4/0xae0 ksys_read+0x12a/0x... • https://git.kernel.org/stable/c/ed5d583a88a9207b866c14ba834984c6f3c51d23 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23198 – KVM: Don't clobber irqfd routing type when deassigning irqfd
https://notcve.org/view.php?id=CVE-2026-23198
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: KVM: Don't clobber irqfd routing type when deassigning irqfd When deassigning a KVM_IRQFD, don't clobber the irqfd's copy of the IRQ's routing entry as doing so breaks kvm_arch_irq_bypass_del_producer() on x86 and arm64, which explicitly look for KVM_IRQ_ROUTING_MSI. Instead, to handle a concurrent routing update, verify that the irqfd is still active before consuming the routing information. As evidenced by the x86 and arm64 bugs, and anot... • https://git.kernel.org/stable/c/f70c20aaf141adb715a2d750c55154073b02a9c3 •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23193 – scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()
https://notcve.org/view.php?id=CVE-2026-23193
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() In iscsit_dec_session_usage_count(), the function calls complete() while holding the sess->session_usage_lock. Similar to the connection usage count logic, the waiter signaled by complete() (e.g., in the session release path) may wake up and free the iscsit_session structure immediately. This creates a race condition where the current thread may attempt to execute s... • https://git.kernel.org/stable/c/e48354ce078c079996f89d715dfa44814b4eba01 •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23191 – ALSA: aloop: Fix racy access at PCM trigger
https://notcve.org/view.php?id=CVE-2026-23191
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are performed outside the cable lock, this may result in UAF when a program attempts to trigger frequently while opening/closing the tied stream, as spotted by fuzzers. For addressing the UAF, this patch changes two things:... • https://git.kernel.org/stable/c/b1c73fc8e697eb73e23603e465e9af2711ed4183 •
CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23190 – ASoC: amd: fix memory leak in acp3x pdm dma ops
https://notcve.org/view.php?id=CVE-2026-23190
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: fix memory leak in acp3x pdm dma ops Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the stable distribution (trixie), these problems have been fixed in version 6.12.73-1. • https://git.kernel.org/stable/c/4a767b1d039a855c491c4853013804323c06f728 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23189 – ceph: fix NULL pointer dereference in ceph_mds_auth_match()
https://notcve.org/view.php?id=CVE-2026-23189
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ceph: fix NULL pointer dereference in ceph_mds_auth_match() The CephFS kernel client has regression starting from 6.18-rc1. We have issue in ceph_mds_auth_match() if fs_name == NULL: const char fs_name = mdsc->fsc->mount_options->mds_namespace; ... if (auth->match.fs_name && strcmp(auth->match.fs_name, fs_name)) { / fsname mismatch, try next one */ return 0; } Patrick Donnelly suggested that: In summary, we should definitely start decoding ... • https://git.kernel.org/stable/c/07640d34a781bb2e39020a39137073c03c4aa932 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23188 – net: usb: r8152: fix resume reset deadlock
https://notcve.org/view.php?id=CVE-2026-23188
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: net: usb: r8152: fix resume reset deadlock rtl8152 can trigger device reset during reset which potentially can result in a deadlock: **** DPM device timeout after 10 seconds; 15 seconds until panic **** Call Trace:
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23187 – pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains
https://notcve.org/view.php?id=CVE-2026-23187
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains Fix out-of-range access of bc->domains in imx8m_blk_ctrl_remove(). Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the stable distribution (trixie), these problems have been fixed in version 6.12.73-1. • https://git.kernel.org/stable/c/2684ac05a8c4d2d5c49e6c11eb6206b30a284813 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23182 – spi: tegra: Fix a memory leak in tegra_slink_probe()
https://notcve.org/view.php?id=CVE-2026-23182
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: spi: tegra: Fix a memory leak in tegra_slink_probe() In tegra_slink_probe(), when platform_get_irq() fails, it directly returns from the function with an error code, which causes a memory leak. Replace it with a goto label to ensure proper cleanup. In the Linux kernel, the following vulnerability has been resolved: spi: tegra: Fix a memory leak in tegra_slink_probe() In tegra_slink_probe(), when platform_get_irq() fails, it directly returns... • https://git.kernel.org/stable/c/b64683f5d7282f7b160e9867e33cdac00b5c792b •