CVSS: 6.3EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23167 – nfc: nci: Fix race between rfkill and nci_unregister_device().
https://notcve.org/view.php?id=CVE-2026-23167
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix race between rfkill and nci_unregister_device(). syzbot reported the splat below [0] without a repro. It indicates that struct nci_dev.cmd_wq had been destroyed before nci_close_device() was called via rfkill. nci_dev.cmd_wq is only destroyed in nci_unregister_device(), which (I think) was called from virtual_ncidev_close() when syzbot close()d an fd of virtual_ncidev. The problem is that nci_unregister_device() destroys nci_d... • https://git.kernel.org/stable/c/6a2968aaf50c7a22fced77a5e24aa636281efca8 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23164 – rocker: fix memory leak in rocker_world_port_post_fini()
https://notcve.org/view.php?id=CVE-2026-23164
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: rocker: fix memory leak in rocker_world_port_post_fini() In rocker_world_port_pre_init(), rocker_port->wpriv is allocated with kzalloc(wops->port_priv_size, GFP_KERNEL). However, in rocker_world_port_post_fini(), the memory is only freed when wops->port_post_fini callback is set: if (!wops->port_post_fini) return; wops->port_post_fini(rocker_port); kfree(rocker_port->wpriv); Since rocker_ofdpa_ops does not implement port_post_fini callback ... • https://git.kernel.org/stable/c/e420114eef4a3a5025a243b89b0dc343101e3d3c •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2026-23157 – btrfs: do not strictly require dirty metadata threshold for metadata writepages
https://notcve.org/view.php?id=CVE-2026-23157
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not strictly require dirty metadata threshold for metadata writepages [BUG] There is an internal report that over 1000 processes are waiting at the io_schedule_timeout() of balance_dirty_pages(), causing a system hang and trigger a kernel coredump. The kernel is v6.4 kernel based, but the root problem still applies to any upstream kernel before v6.18. [CAUSE] From Jan Kara for his wisdom on the dirty page balance behavior first. T... • https://git.kernel.org/stable/c/793955bca66c99defdffc857ae6eb7e8431d6bbe •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23156 – efivarfs: fix error propagation in efivar_entry_get()
https://notcve.org/view.php?id=CVE-2026-23156
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: efivarfs: fix error propagation in efivar_entry_get() efivar_entry_get() always returns success even if the underlying __efivar_entry_get() fails, masking errors. This may result in uninitialized heap memory being copied to userspace in the efivarfs_file_read() path. Fix it by returning the error from __efivar_entry_get(). In the Linux kernel, the following vulnerability has been resolved: efivarfs: fix error propagation in efivar_entry_get... • https://git.kernel.org/stable/c/2d82e6227ea189c0589e7383a36616ac2a2d248c •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23154 – net: fix segmentation of forwarding fraglist GRO
https://notcve.org/view.php?id=CVE-2026-23154
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: net: fix segmentation of forwarding fraglist GRO This patch enhances GSO segment handling by properly checking the SKB_GSO_DODGY flag for frag_list GSO packets, addressing low throughput issues observed when a station accesses IPv4 servers via hotspots with an IPv6-only upstream interface. Specifically, it fixes a bug in GSO segmentation when forwarding GRO packets containing a frag_list. The function skb_segment_list cannot correctly proce... • https://git.kernel.org/stable/c/9fd1ff5d2ac7181844735806b0a703c942365291 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23150 – nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame().
https://notcve.org/view.php?id=CVE-2026-23150
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame(). syzbot reported various memory leaks related to NFC, struct nfc_llcp_sock, sk_buff, nfc_dev, etc. [0] The leading log hinted that nfc_llcp_send_ui_frame() failed to allocate skb due to sock_error(sk) being -ENXIO. ENXIO is set by nfc_llcp_socket_release() when struct nfc_llcp_local is destroyed by local_cleanup(). The problem is that there is no synchronisation between nfc_llcp_send_ui_fra... • https://git.kernel.org/stable/c/94f418a206648c9be6fd84d6681d6956b8f8b106 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2026-23146 – Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work
https://notcve.org/view.php?id=CVE-2026-23146
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work hci_uart_set_proto() sets HCI_UART_PROTO_INIT before calling hci_uart_register_dev(), which calls proto->open() to initialize hu->priv. However, if a TTY write wakeup occurs during this window, hci_uart_tx_wakeup() may schedule write_work before hu->priv is initialized, leading to a NULL pointer dereference in hci_uart_write_work() when proto->dequeue() accesses hu->priv. The ra... • https://git.kernel.org/stable/c/a40f94f7caa8d3421b64f63ac31bc0f24c890f39 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2026-23145 – ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref
https://notcve.org/view.php?id=CVE-2026-23145
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref The error branch for ext4_xattr_inode_update_ref forget to release the refcount for iloc.bh. Find this when review code. In the Linux kernel, the following vulnerability has been resolved: ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref The error branch for ext4_xattr_inode_update_ref forget to release the refcount for iloc.bh. Find this when review code. • https://git.kernel.org/stable/c/1cfb3e4ddbdc8e02e637b8852540bd4718bf4814 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23144 – mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure
https://notcve.org/view.php?id=CVE-2026-23144
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure When a context DAMON sysfs directory setup is failed after setup of attrs/ directory, subdirectories of attrs/ directory are not cleaned up. As a result, DAMON sysfs interface is nearly broken until the system reboots, and the memory for the unremoved directory is leaked. Cleanup the directories under such failures. In the Linux kernel, the following vulnerability has been r... • https://git.kernel.org/stable/c/c951cd3b89010c7a4751b9d4ea074007e44851e6 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23142 – mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure
https://notcve.org/view.php?id=CVE-2026-23142
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure When a DAMOS-scheme DAMON sysfs directory setup fails after setup of access_pattern/ directory, subdirectories of access_pattern/ directory are not cleaned up. As a result, DAMON sysfs interface is nearly broken until the system reboots, and the memory for the unremoved directory is leaked. Cleanup the directories under such failures. In the Linux kernel, the ... • https://git.kernel.org/stable/c/9bbb820a5bd5f406ae5e0819cc31f2c2e6f4d990 •