CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: send: check for inline extents in range_is_hole_in_parent() Before accessing the disk_bytenr field of a file extent item we need to check if we are dealing with an inline extent. This is because for inline extents their data starts at the offset of the disk_bytenr field. So accessing the disk_bytenr means we are accessing inline data or in case the inline data is less than 8 bytes we can actually cause an invalid memory access if thi... • https://git.kernel.org/stable/c/82bfb2e7b645c8f228dc3b6d3b27b0b10125ca4f •

CVSS: 6.9 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: iommu/sva: invalidate stale IOTLB entries for kernel address space Introduce a new IOMMU interface to flush IOTLB paging cache entries for the CPU kernel address space. This interface is invoked from the x86 architecture code that manages combined user and kernel page tables, specifically before any kernel page table page is freed and reused. This addresses the main issue with vfree() which is a common occurrence and can be triggered by unp... • https://git.kernel.org/stable/c/2f26e0a9c9860db290d63e9d85c2c8c09813677f •

CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Subtract size of xdp_frame from allowed metadata size The xdp_frame structure takes up part of the XDP frame headroom, limiting the size of the metadata. However, in bpf_test_run, we don't take this into account, which makes it possible for userspace to supply a metadata size that is too large (taking up the entire headroom). If userspace supplies such a large metadata size in live packet mode, the xdp_update_frame_from_buff(... • https://git.kernel.org/stable/c/b6f1f780b3932ae497ed85e79bc8a1e513883624 •

CVSS: 6.6 • EPSS: 0% • CPEs: 5 • EXPL: 0

14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: update last_gc only when GC has been performed Currently last_gc is being updated every time a new connection is tracked, that means that it is updated even if a GC wasn't performed. With a sufficiently high packet rate, it is possible to always bypass the GC, causing the list to grow infinitely. Update the last_gc value only when a GC has been actually performed. • https://git.kernel.org/stable/c/d265929930e2ffafc744c0ae05fb70acd53be1ee •

CVSS: 6.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: tracing: Add recursion protection in kernel stack trace recording A bug was reported about an infinite recursion caused by tracing the rcu events with the kernel stack trace trigger enabled. The stack trace code called back into RCU which then called the stack trace again. Expand the ftrace recursion protection to add a set of bits to protect events from recursion. Each bit represents the context that the event is in (normal, softirq, inter... • https://git.kernel.org/stable/c/5f5fa7ea89dc82d34ed458f4d7a8634e8e9eefce •

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: of: unittest: Fix memory leak in unittest_data_add() In unittest_data_add(), if of_resolve_phandles() fails, the allocated unittest_data is not freed, leading to a memory leak. Fix this by using scope-based cleanup helper __free(kfree) for automatic resource cleanup. This ensures unittest_data is automatically freed when it goes out of scope in error paths. For the success path, use retain_and_null_ptr() to transfer ownership of the memory ... • https://git.kernel.org/stable/c/2eb46da2a760e5764c48b752a5ef320e02b96b21 •

CVSS: 7.1 • EPSS: 0% • CPEs: 7 • EXPL: 0

14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: fix dma_free_coherent() pointer dma_alloc_coherent() allocates a DMA mapped buffer and stores the addresses in XXX_unaligned fields. Those should be reused when freeing the buffer rather than the aligned addresses. • https://git.kernel.org/stable/c/2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1 •

CVSS: 10.0 • EPSS: 0% • CPEs: 5 • EXPL: 0

14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: arm64: Set __nocfi on swsusp_arch_resume() A DABT is reported[1] on an Android-based system when resuming from hibernate. This happens because swsusp_arch_suspend_exit() is marked with SYM_CODE_*() and does not have a CFI hash, but swsusp_arch_resume() will attempt to verify the CFI hash when calling a copy of swsusp_arch_suspend_exit(). Given that there's an existing requirement that the entrypoint to swsusp_arch_suspend_exit() is the first b... • https://git.kernel.org/stable/c/89245600941e4e0f87d77f60ee269b5e61ef4e49 •

CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix a race issue related to the operation on bpf_bound_progs list The netdevsim driver lacks a protection mechanism for operations on the bpf_bound_progs list. When nsim_bpf_create_prog() performs list_add_tail, it is possible that nsim_bpf_destroy_prog() simultaneously performs list_del. Concurrent operations on the list may lead to list corruption and trigger a kernel crash as follows: [ 417.290971] kernel BUG at lib/lis... • https://git.kernel.org/stable/c/31d3ad832948c75139b0e5b653912f7898a1d5d5 •

CVSS: 5.5 • EPSS: 0% • CPEs: 7 • EXPL: 0

14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT A null-ptr-deref was reported in the SCTP transmit path when SCTP-AUTH key initialization fails: ================================================================== KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] CPU: 0 PID: 16 Comm: ksoftirqd/0 Tainted: G W 6.6.0 #2 RIP: 0010:sctp_packet_bundle_auth net/sctp/output.c:264 [inline] RIP: 0010:sctp_packet_appe... • https://git.kernel.org/stable/c/730fc3d05cd4ba4c9ce2de91f3d43349e95dbbf5 •