CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23118 – rxrpc: Fix data-race warning and potential load/store tearing
https://notcve.org/view.php?id=CVE-2026-23118
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix data-race warning and potential load/store tearing Fix the following: BUG: KCSAN: data-race in rxrpc_peer_keepalive_worker / rxrpc_send_data_packet which is reporting an issue with the reads and writes to ->last_tx_at in: conn->peer->last_tx_at = ktime_get_seconds(); and: keepalive_at = peer->last_tx_at + RXRPC_KEEPALIVE_TIME; The lockless accesses to these to values aren't actually a problem as the read only needs an approximate... • https://git.kernel.org/stable/c/ace45bec6d77bc061c3c3d8ad99e298ea9800c2b •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23116 – pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu
https://notcve.org/view.php?id=CVE-2026-23116
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu For i.MX8MQ platform, the ADB in the VPUMIX domain has no separate reset and clock enable bits, but is ungated and reset together with the VPUs. So we can't reset G1 or G2 separately, it may led to the system hang. Remove rst_mask and clk_mask of imx8mq_vpu_blk_ctl_domain_data. Let imx8mq_vpu_power_notifier() do really vpu reset. In the Linux kernel, the following vulner... • https://git.kernel.org/stable/c/608d7c325e855cb4a853afef3cd9f0df594bd12d •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23113 – io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop
https://notcve.org/view.php?id=CVE-2026-23113
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop Currently this is checked before running the pending work. Normally this is quite fine, as work items either end up blocking (which will create a new worker for other items), or they complete fairly quickly. But syzbot reports an issue where io-wq takes seemingly forever to exit, and with a bit of debugging, this turns out to be because it queues a bunch of big (2GB - 4096b) reads wi... • https://git.kernel.org/stable/c/c60eb049f4a19ddddcd3ee97a9c79ab8066a6a03 •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2025-71200 – mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode
https://notcve.org/view.php?id=CVE-2025-71200
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode When operating in HS200 or HS400 timing modes, reducing the clock frequency below 52MHz will lead to link broken as the Rockchip DWC MSHC controller requires maintaining a minimum clock of 52MHz in these modes. Add a check to prevent illegal clock reduction through debugfs: root@debian:/# echo 50000000 > /sys/kernel/debug/mmc0/clock root@debian:/# [ 30.090146] mmc0: ... • https://git.kernel.org/stable/c/c6f361cba51c536e7a6af31973c6a4e5d7e4e2e4 •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23112 – nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
https://notcve.org/view.php?id=CVE-2026-23112
13 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU length or offset exceeds sg_cnt and then use bogus sg->length/offset values, leading to _copy_to_iter() GPF/KASAN. Guard sg_idx, remaining entries, and sg->length/offset before building the bvec. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service... • https://git.kernel.org/stable/c/872d26a391da92ed8f0c0f5cb5fef428067b7f30 •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2026-23111 – netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate()
https://notcve.org/view.php?id=CVE-2026-23111
13 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() nft_map_catchall_activate() has an inverted element activity check compared to its non-catchall counterpart nft_mapelem_activate() and compared to what is logically required. nft_map_catchall_activate() is called from the abort path to re-activate catchall map elements that were deactivated during a failed transaction. It should skip elements that are already ac... • https://git.kernel.org/stable/c/25aa2ad37c2162be1c0bc4fe6397f7e4c13f00f8 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23110 – scsi: core: Wake up the error handler when final completions race against each other
https://notcve.org/view.php?id=CVE-2026-23110
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: Wake up the error handler when final completions race against each other The fragile ordering between marking commands completed or failed so that the error handler only wakes when the last running command completes or times out has race conditions. These race conditions can cause the SCSI layer to fail to wake the error handler, leaving I/O through the SCSI host stuck as the error state cannot advance. First, there is an memory... • https://git.kernel.org/stable/c/6eb045e092efefafc6687409a6fa6d1dabf0fb69 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23108 – can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak
https://notcve.org/view.php?id=CVE-2026-23108
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"). In usb_8dev_open() -> usb_8dev_start(), the URBs for USB-in transfers are allocated, added to the priv->rx_submitted anchor and submitted. In the complete callback usb_8dev_read_bulk_callback(), the URBs are processed and resubmitted. In usb_8dev_close() -> ... • https://git.kernel.org/stable/c/0024d8ad1639e32d717445c69ca813fd19c2a91c •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23107 – arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA
https://notcve.org/view.php?id=CVE-2026-23107
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA The code to restore a ZA context doesn't attempt to allocate the task's sve_state before setting TIF_SME. Consequently, restoring a ZA context can place a task into an invalid state where TIF_SME is set but the task's sve_state is NULL. In legitimate but uncommon cases where the ZA signal context was NOT created by the kernel in the context of the same task (e.g. if the task is s... • https://git.kernel.org/stable/c/39782210eb7e87634d96cacb6ece370bc59d74ba •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23105 – net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag
https://notcve.org/view.php?id=CVE-2026-23105
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq. use cl_is_active instead of relying on the child qdisc's qlen to determine class activation. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of s... • https://git.kernel.org/stable/c/462dbc9101acd38e92eda93c0726857517a24bbd •