CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23150 – nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame().
https://notcve.org/view.php?id=CVE-2026-23150
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame(). syzbot reported various memory leaks related to NFC, struct nfc_llcp_sock, sk_buff, nfc_dev, etc. [0] The leading log hinted that nfc_llcp_send_ui_frame() failed to allocate skb due to sock_error(sk) being -ENXIO. ENXIO is set by nfc_llcp_socket_release() when struct nfc_llcp_local is destroyed by local_cleanup(). The problem is that there is no synchronisation between nfc_llcp_send_ui_fra... • https://git.kernel.org/stable/c/94f418a206648c9be6fd84d6681d6956b8f8b106 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2026-23146 – Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work
https://notcve.org/view.php?id=CVE-2026-23146
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work hci_uart_set_proto() sets HCI_UART_PROTO_INIT before calling hci_uart_register_dev(), which calls proto->open() to initialize hu->priv. However, if a TTY write wakeup occurs during this window, hci_uart_tx_wakeup() may schedule write_work before hu->priv is initialized, leading to a NULL pointer dereference in hci_uart_write_work() when proto->dequeue() accesses hu->priv. The ra... • https://git.kernel.org/stable/c/a40f94f7caa8d3421b64f63ac31bc0f24c890f39 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2026-23145 – ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref
https://notcve.org/view.php?id=CVE-2026-23145
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref The error branch for ext4_xattr_inode_update_ref forget to release the refcount for iloc.bh. Find this when review code. In the Linux kernel, the following vulnerability has been resolved: ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref The error branch for ext4_xattr_inode_update_ref forget to release the refcount for iloc.bh. Find this when review code. • https://git.kernel.org/stable/c/1cfb3e4ddbdc8e02e637b8852540bd4718bf4814 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23141 – btrfs: send: check for inline extents in range_is_hole_in_parent()
https://notcve.org/view.php?id=CVE-2026-23141
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: send: check for inline extents in range_is_hole_in_parent() Before accessing the disk_bytenr field of a file extent item we need to check if we are dealing with an inline extent. This is because for inline extents their data starts at the offset of the disk_bytenr field. So accessing the disk_bytenr means we are accessing inline data or in case the inline data is less than 8 bytes we can actually cause an invalid memory access if thi... • https://git.kernel.org/stable/c/82bfb2e7b645c8f228dc3b6d3b27b0b10125ca4f •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2025-71202 – iommu/sva: invalidate stale IOTLB entries for kernel address space
https://notcve.org/view.php?id=CVE-2025-71202
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: iommu/sva: invalidate stale IOTLB entries for kernel address space Introduce a new IOMMU interface to flush IOTLB paging cache entries for the CPU kernel address space. This interface is invoked from the x86 architecture code that manages combined user and kernel page tables, specifically before any kernel page table page is freed and reused. This addresses the main issue with vfree() which is a common occurrence and can be triggered by unp... • https://git.kernel.org/stable/c/2f26e0a9c9860db290d63e9d85c2c8c09813677f •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2026-23138 – tracing: Add recursion protection in kernel stack trace recording
https://notcve.org/view.php?id=CVE-2026-23138
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: tracing: Add recursion protection in kernel stack trace recording A bug was reported about an infinite recursion caused by tracing the rcu events with the kernel stack trace trigger enabled. The stack trace code called back into RCU which then called the stack trace again. Expand the ftrace recursion protection to add a set of bits to protect events from recursion. Each bit represents the context that the event is in (normal, softirq, inter... • https://git.kernel.org/stable/c/5f5fa7ea89dc82d34ed458f4d7a8634e8e9eefce •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2026-23137 – of: unittest: Fix memory leak in unittest_data_add()
https://notcve.org/view.php?id=CVE-2026-23137
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: of: unittest: Fix memory leak in unittest_data_add() In unittest_data_add(), if of_resolve_phandles() fails, the allocated unittest_data is not freed, leading to a memory leak. Fix this by using scope-based cleanup helper __free(kfree) for automatic resource cleanup. This ensures unittest_data is automatically freed when it goes out of scope in error paths. For the success path, use retain_and_null_ptr() to transfer ownership of the memory ... • https://git.kernel.org/stable/c/2eb46da2a760e5764c48b752a5ef320e02b96b21 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23133 – wifi: ath10k: fix dma_free_coherent() pointer
https://notcve.org/view.php?id=CVE-2026-23133
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: fix dma_free_coherent() pointer dma_alloc_coherent() allocates a DMA mapped buffer and stores the addresses in XXX_unaligned fields. Those should be reused when freeing the buffer rather than the aligned addresses. In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: fix dma_free_coherent() pointer dma_alloc_coherent() allocates a DMA mapped buffer and stores the addresses in XXX_unaligned fields. ... • https://git.kernel.org/stable/c/2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23126 – netdevsim: fix a race issue related to the operation on bpf_bound_progs list
https://notcve.org/view.php?id=CVE-2026-23126
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix a race issue related to the operation on bpf_bound_progs list The netdevsim driver lacks a protection mechanism for operations on the bpf_bound_progs list. When the nsim_bpf_create_prog() performs list_add_tail, it is possible that nsim_bpf_destroy_prog() is simultaneously performs list_del. Concurrent operations on the list may lead to list corruption and trigger a kernel crash as follows: [ 417.290971] kernel BUG at lib/lis... • https://git.kernel.org/stable/c/31d3ad832948c75139b0e5b653912f7898a1d5d5 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23125 – sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT
https://notcve.org/view.php?id=CVE-2026-23125
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT A null-ptr-deref was reported in the SCTP transmit path when SCTP-AUTH key initialization fails: ================================================================== KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] CPU: 0 PID: 16 Comm: ksoftirqd/0 Tainted: G W 6.6.0 #2 RIP: 0010:sctp_packet_bundle_auth net/sctp/output.c:264 [inline] RIP: 0010:sctp_packet_appe... • https://git.kernel.org/stable/c/730fc3d05cd4ba4c9ce2de91f3d43349e95dbbf5 •