CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2026-22981 – idpf: detach and close netdevs while handling a reset
https://notcve.org/view.php?id=CVE-2026-22981
23 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: idpf: detach and close netdevs while handling a reset Protect the reset path from callbacks by setting the netdevs to detached state and close any netdevs in UP state until the reset handling has completed. During a reset, the driver will de-allocate resources for the vport, and there is no guarantee that those will recover, which is why the existing vport_ctrl_lock does not provide sufficient protection. idpf_detach_and_close() is called r... • https://git.kernel.org/stable/c/0fe45467a1041ea3657a7fa3a791c84c104fbd34 •
CVSS: 6.3EPSS: 0%CPEs: 7EXPL: 0CVE-2026-22980 – nfsd: provide locking for v4_end_grace
https://notcve.org/view.php?id=CVE-2026-22980
23 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: nfsd: provide locking for v4_end_grace Writing to v4_end_grace can race with server shutdown and result in memory being accessed after it was freed - reclaim_str_hashtbl in particularly. We cannot hold nfsd_mutex across the nfsd4_end_grace() call as that is held while client_tracking_op->init() is called and that can wait for an upcall to nfsdcltrack which can write to v4_end_grace, resulting in a deadlock. nfsd4_end_grace() is also called ... • https://git.kernel.org/stable/c/7f5ef2e900d9462bf9cffaf6bb246ed87a20a6d6 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-22979 – net: fix memory leak in skb_segment_list for GRO packets
https://notcve.org/view.php?id=CVE-2026-22979
23 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: net: fix memory leak in skb_segment_list for GRO packets When skb_segment_list() is called during packet forwarding, it handles packets that were aggregated by the GRO engine. Historically, the segmentation logic in skb_segment_list assumes that individual segments are split from a parent SKB and may need to carry their own socket memory accounting. Accordingly, the code transfers truesize from the parent to the newly created segments. Prio... • https://git.kernel.org/stable/c/2eeab8c47c3c0276e0746bc382f405c9a236a5ad •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-22978 – wifi: avoid kernel-infoleak from struct iw_point
https://notcve.org/view.php?id=CVE-2026-22978
23 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: avoid kernel-infoleak from struct iw_point struct iw_point has a 32bit hole on 64bit arches. struct iw_point { void __user *pointer; /* Pointer to the data (in user space) */ __u16 length; /* number of fields or size in bytes */ __u16 flags; /* Optional params */ }; Make sure to zero the structure to avoid disclosing 32bits of kernel data to user space. In the Linux kernel, the following vulnerability has been resolved: wifi: avoid ke... • https://git.kernel.org/stable/c/87de87d5e47f94b4ea647a5bd1bc8dc1f7930db4 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-71161 – dm-verity: disable recursive forward error correction
https://notcve.org/view.php?id=CVE-2025-71161
23 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: dm-verity: disable recursive forward error correction There are two problems with the recursive correction: 1. It may cause denial-of-service. In fec_read_bufs, there is a loop that has 253 iterations. For each iteration, we may call verity_hash_for_block recursively. There is a limit of 4 nested recursions - that means that there may be at most 253^4 (4 billion) iterations. • https://git.kernel.org/stable/c/a739ff3f543afbb4a041c16cd0182c8e8d366e70 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-71160 – netfilter: nf_tables: avoid chain re-validation if possible
https://notcve.org/view.php?id=CVE-2025-71160
23 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: avoid chain re-validation if possible Hamza Mahfooz reports cpu soft lock-ups in nft_chain_validate(): watchdog: BUG: soft lockup - CPU#1 stuck for 27s! [iptables-nft-re:37547] [..] RIP: 0010:nft_chain_validate+0xcb/0x110 [nf_tables] [..] nft_immediate_validate+0x36/0x50 [nf_tables] nft_chain_validate+0xc9/0x110 [nf_tables] nft_immediate_validate+0x36/0x50 [nf_tables] nft_chain_validate+0xc9/0x110 [nf_tables] nft_immed... • https://git.kernel.org/stable/c/a654de8fdc1815676ab750e70cab231fc814c29f •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-71156 – gve: defer interrupt enabling until NAPI registration
https://notcve.org/view.php?id=CVE-2025-71156
23 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: gve: defer interrupt enabling until NAPI registration Currently, interrupts are automatically enabled immediately upon request. This allows interrupt to fire before the associated NAPI context is fully initialized and cause failures like below: [ 0.946369] Call Trace: [ 0.946369]
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-71154 – net: usb: rtl8150: fix memory leak on usb_submit_urb() failure
https://notcve.org/view.php?id=CVE-2025-71154
23 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix memory leak on usb_submit_urb() failure In async_set_registers(), when usb_submit_urb() fails, the allocated async_req structure and URB are not freed, causing a memory leak. The completion callback async_set_reg_cb() is responsible for freeing these allocations, but it is only called after the URB is successfully submitted and completes (successfully or with error). If submission fails, the callback never runs and th... • https://git.kernel.org/stable/c/4d12997a9bb3d217ad4b925ec3074ec89364bf95 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-71153 – ksmbd: Fix memory leak in get_file_all_info()
https://notcve.org/view.php?id=CVE-2025-71153
23 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix memory leak in get_file_all_info() In get_file_all_info(), if vfs_getattr() fails, the function returns immediately without freeing the allocated filename, leading to a memory leak. Fix this by freeing the filename before returning in this error case. In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix memory leak in get_file_all_info() In get_file_all_info(), if vfs_getattr() fails, the function return... • https://git.kernel.org/stable/c/c8f7ad2df083c510e640c0bf76166593cc116ff2 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-71152 – net: dsa: properly keep track of conduit reference
https://notcve.org/view.php?id=CVE-2025-71152
23 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense. There are two distinct problems. 1. The OF path, which uses of_find_net_device_by_node(), never releases the elevated refcount on the conduit's kobject. Nominally, the OF and non-OF paths should result in objects ha... • https://git.kernel.org/stable/c/83c0afaec7b730b16c518aecc8e6246ec91b265e •