CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23038 – pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node()
https://notcve.org/view.php?id=CVE-2026-23038
31 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() In nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versions fails, the function jumps to the out_scratch label without freeing the already allocated dsaddrs list, leading to a memory leak. Fix this by jumping to the out_err_drain_dsaddrs label, which properly frees the dsaddrs list before cleaning up other resources. In the Linux kernel, the following vulnerability has... • https://git.kernel.org/stable/c/d67ae825a59d639e4d8b82413af84d854617a87e •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23037 – can: etas_es58x: allow partial RX URB allocation to succeed
https://notcve.org/view.php?id=CVE-2026-23037
31 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: allow partial RX URB allocation to succeed When es58x_alloc_rx_urbs() fails to allocate the requested number of URBs but succeeds in allocating some, it returns an error code. This causes es58x_open() to return early, skipping the cleanup label 'free_urbs', which leads to the anchored URBs being leaked. As pointed out by maintainer Vincent Mailhol, the driver is designed to handle partial URB allocation gracefully. Therefor... • https://git.kernel.org/stable/c/8537257874e949a59c834cecfd5a063e11b64b0b •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23035 – net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv
https://notcve.org/view.php?id=CVE-2026-23035
31 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv mlx5e_priv is an unstable structure that can be memset(0) if profile attaching fails. Pass netdev to mlx5e_destroy_netdev() to guarantee it will work on a valid netdev. On mlx5e_remove: Check validity of priv->profile, before attempting to cleanup any resources that might be not there. This fixes a kernel oops in mlx5e_remove when switchdev mode fails due to change profile failu... • https://git.kernel.org/stable/c/c4d7eb57687f358cd498ea3624519236af8db97e •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23033 – dmaengine: omap-dma: fix dma_pool resource leak in error paths
https://notcve.org/view.php?id=CVE-2026-23033
31 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: omap-dma: fix dma_pool resource leak in error paths The dma_pool created by dma_pool_create() is not destroyed when dma_async_device_register() or of_dma_controller_register() fails, causing a resource leak in the probe error paths. Add dma_pool_destroy() in both error paths to properly release the allocated dma_pool resource. In the Linux kernel, the following vulnerability has been resolved: dmaengine: omap-dma: fix dma_pool re... • https://git.kernel.org/stable/c/7bedaa5537604f34d1d63c5ec7891e559d2a61ed •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23032 – null_blk: fix kmemleak by releasing references to fault configfs items
https://notcve.org/view.php?id=CVE-2026-23032
31 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: null_blk: fix kmemleak by releasing references to fault configfs items When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk driver sets up fault injection support by creating the timeout_inject, requeue_inject, and init_hctx_fault_inject configfs items as children of the top-level nullbX configfs group. However, when the nullbX device is removed, the references taken to these fault-config configfs items are not released. As... • https://git.kernel.org/stable/c/bb4c19e030f45c5416f1eb4daa94fbaf7165e9ea •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23031 – can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak
https://notcve.org/view.php?id=CVE-2026-23031
31 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak In gs_can_open(), the URBs for USB-in transfers are allocated, added to the parent->rx_submitted anchor and submitted. In the complete callback gs_usb_receive_bulk_callback(), the URB is processed and resubmitted. In gs_can_close() the URBs are freed by calling usb_kill_anchored_urbs(parent->rx_submitted). However, this does not take into account that the USB framework unancho... • https://git.kernel.org/stable/c/d08e973a77d128b25e01a08c34d89593fdf222da •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23030 – phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe()
https://notcve.org/view.php?id=CVE-2026-23030
31 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() The for_each_available_child_of_node() calls of_node_put() to release child_np in each success loop. After breaking from the loop with the child_np has been released, the code will jump to the put_child label and will call the of_node_put() again if the devm_request_threaded_irq() fails. These cause a double free bug. Fix by returning directly to avoid the duplicate... • https://git.kernel.org/stable/c/ed2b5a8e6b98d042b323afbe177a5dc618921b31 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23026 – dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config()
https://notcve.org/view.php?id=CVE-2026-23026
31 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() Fix a memory leak in gpi_peripheral_config() where the original memory pointed to by gchan->config could be lost if krealloc() fails. The issue occurs when: 1. gchan->config points to previously allocated memory 2. krealloc() fails and returns NULL 3. The function directly assigns NULL to gchan->config, losing the reference to the original memory 4. The original memory becomes... • https://git.kernel.org/stable/c/5d0c3533a19f48e5e7e73806a3e4b29cd4364130 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23025 – mm/page_alloc: prevent pcp corruption with SMP=n
https://notcve.org/view.php?id=CVE-2026-23025
31 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: prevent pcp corruption with SMP=n The kernel test robot has reported: BUG: spinlock trylock failure on UP on CPU#0, kcompactd0/28 lock: 0xffff888807e35ef0, .magic: dead4ead, .owner: kcompactd0/28, .owner_cpu: 0 CPU: 0 UID: 0 PID: 28 Comm: kcompactd0 Not tainted 6.18.0-rc5-00127-ga06157804399 #1 PREEMPT 8cc09ef94dcec767faa911515ce9e609c45db470 Call Trace:
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2025-71191 – dmaengine: at_hdmac: fix device leak on of_dma_xlate()
https://notcve.org/view.php?id=CVE-2025-71191
31 Jan 2026 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_hdmac: fix device leak on of_dma_xlate() Make sure to drop the reference taken when looking up the DMA platform device during of_dma_xlate() when releasing channel resources. Note that commit 3832b78b3ec2 ("dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate()") fixed the leak in a couple of error paths but the reference is still leaking on successful allocation. In the Linux kernel, the following vulnerability ... • https://git.kernel.org/stable/c/bbe89c8e3d598129b728d1388c3ad9abe4e8e261 •