CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23255 – net: add proper RCU protection to /proc/net/ptype
https://notcve.org/view.php?id=CVE-2026-23255
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: net: add proper RCU protection to /proc/net/ptype Yin Fengwei reported an RCU stall in ptype_seq_show() and provided a patch. Real issue is that ptype_seq_next() and ptype_seq_show() violate RCU rules. ptype_seq_show() runs under rcu_read_lock(), and reads pt->dev to get device name without any barrier. At the same time, concurrent writers can remove a packet_type structure (which is correctly freed after an RCU grace period) and clear pt->... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23254 – net: gro: fix outer network offset
https://notcve.org/view.php?id=CVE-2026-23254
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the `encapsulation` flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading the checksum for an UDP encapsulated traffic, the tun driver can inject GSO packets with UDP encapsulation and the problematic layout can also be created via a veth based setup. Due to the above, in the problematic... • https://git.kernel.org/stable/c/af276a5ac8e938c8b058e3e124073cc1e322d98b •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-71270 – LoongArch: Enable exception fixup for specific ADE subcode
https://notcve.org/view.php?id=CVE-2025-71270
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable exception fixup for specific ADE subcode This patch allows the LoongArch BPF JIT to handle recoverable memory access errors generated by BPF_PROBE_MEM* instructions. When a BPF program performs memory access operations, the instructions it executes may trigger ADEM exceptions. The kernel’s built-in BPF exception table mechanism (EX_TYPE_BPF) will generate corresponding exception fixup entries in the JIT compilation phase; ... • https://git.kernel.org/stable/c/dbcd7f5fafea64dbe588c4ec18bc309fde5d1e1c •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-71269 – btrfs: do not free data reservation in fallback from inline due to -ENOSPC
https://notcve.org/view.php?id=CVE-2025-71269
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not free data reservation in fallback from inline due to -ENOSPC If we fail to create an inline extent due to -ENOSPC, we will attempt to go through the normal COW path, reserve an extent, create an ordered extent, etc. However we were always freeing the reserved qgroup data, which is wrong since we will use data. Fix this by freeing the reserved qgroup data in __cow_file_range_inline() only if we are not doing the fallback (ret i... • https://git.kernel.org/stable/c/94ed938aba557aa798acf496f09afb289b619fcd •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-71268 – btrfs: fix reservation leak in some error paths when inserting inline extent
https://notcve.org/view.php?id=CVE-2025-71268
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent If we fail to allocate a path or join a transaction, we return from __cow_file_range_inline() without freeing the reserved qgroup data, resulting in a leak. Fix this by ensuring we call btrfs_qgroup_free_data() in such cases. En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: btrfs: corrige una fuga de reserva en algunas rutas de error al insertar... • https://git.kernel.org/stable/c/94ed938aba557aa798acf496f09afb289b619fcd •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2026-23253 – media: dvb-core: fix wrong reinitialization of ringbuffer on reopen
https://notcve.org/view.php?id=CVE-2026-23253
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: fix wrong reinitialization of ringbuffer on reopen dvb_dvr_open() calls dvb_ringbuffer_init() when a new reader opens the DVR device. dvb_ringbuffer_init() calls init_waitqueue_head(), which reinitializes the waitqueue list head to empty. Since dmxdev->dvr_buffer.queue is a shared waitqueue (all opens of the same DVR device share it), this orphans any existing waitqueue entries from io_uring poll or epoll, leaving them with... • https://git.kernel.org/stable/c/34731df288a5ffe4b0c396caf8cd24c6a710a222 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23252 – xfs: get rid of the xchk_xfile_*_descr calls
https://notcve.org/view.php?id=CVE-2026-23252
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: xfs: get rid of the xchk_xfile_*_descr calls The xchk_xfile_*_descr macros call kasprintf, which can fail to allocate memory if the formatted string is larger than 16 bytes (or whatever the nofail guarantees are nowadays). Some of them could easily exceed that, and Jiaming Zhang found a few places where that can happen with syzbot. The descriptions are debugging aids and aren't required to be unique, so let's just pass in static strings and... • https://git.kernel.org/stable/c/ab97f4b1c030750f2475bf4da8a9554d02206640 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23251 – xfs: only call xf{array,blob}_destroy if we have a valid pointer
https://notcve.org/view.php?id=CVE-2026-23251
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: xfs: only call xf{array,blob}_destroy if we have a valid pointer Only call the xfarray and xfblob destructor if we have a valid pointer, and be sure to null out that pointer afterwards. Note that this patch fixes a large number of commits, most of which were merged between 6.9 and 6.10. En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: xfs: solo llamar a xf{array,blob}_destroy si tenemos un puntero válido Solo llamar al d... • https://git.kernel.org/stable/c/ab97f4b1c030750f2475bf4da8a9554d02206640 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23250 – xfs: check return value of xchk_scrub_create_subord
https://notcve.org/view.php?id=CVE-2026-23250
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: xfs: check return value of xchk_scrub_create_subord Fix this function to return NULL instead of a mangled ENOMEM, then fix the callers to actually check for a null pointer and return ENOMEM. Most of the corrections here are for code merged between 6.2 and 6.10. En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: xfs: comprobar el valor de retorno de xchk_scrub_create_subord Corregir esta función para que devuelva NULL en lu... • https://git.kernel.org/stable/c/1a5f6e08d4e379a23da5be974aee50b26a20c5b0 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23249 – xfs: check for deleted cursors when revalidating two btrees
https://notcve.org/view.php?id=CVE-2026-23249
18 Mar 2026 — In the Linux kernel, the following vulnerability has been resolved: xfs: check for deleted cursors when revalidating two btrees The free space and inode btree repair functions will rebuild both btrees at the same time, after which it needs to evaluate both btrees to confirm that the corruptions are gone. However, Jiaming Zhang ran syzbot and produced a crash in the second xchk_allocbt call. His root-cause analysis is as follows (with minor corrections): In xrep_revalidate_allocbt(), xchk_allocbt() is called... • https://git.kernel.org/stable/c/dbfbf3bdf639a20da7d5fb390cd2e197d25aa418 •