CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23110 – scsi: core: Wake up the error handler when final completions race against each other
https://notcve.org/view.php?id=CVE-2026-23110
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: Wake up the error handler when final completions race against each other The fragile ordering between marking commands completed or failed so that the error handler only wakes when the last running command completes or times out has race conditions. These race conditions can cause the SCSI layer to fail to wake the error handler, leaving I/O through the SCSI host stuck as the error state cannot advance. First, there is an memory... • https://git.kernel.org/stable/c/6eb045e092efefafc6687409a6fa6d1dabf0fb69 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23108 – can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak
https://notcve.org/view.php?id=CVE-2026-23108
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"). In usb_8dev_open() -> usb_8dev_start(), the URBs for USB-in transfers are allocated, added to the priv->rx_submitted anchor and submitted. In the complete callback usb_8dev_read_bulk_callback(), the URBs are processed and resubmitted. In usb_8dev_close() -> ... • https://git.kernel.org/stable/c/0024d8ad1639e32d717445c69ca813fd19c2a91c •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23107 – arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA
https://notcve.org/view.php?id=CVE-2026-23107
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA The code to restore a ZA context doesn't attempt to allocate the task's sve_state before setting TIF_SME. Consequently, restoring a ZA context can place a task into an invalid state where TIF_SME is set but the task's sve_state is NULL. In legitimate but uncommon cases where the ZA signal context was NOT created by the kernel in the context of the same task (e.g. if the task is s... • https://git.kernel.org/stable/c/39782210eb7e87634d96cacb6ece370bc59d74ba •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23105 – net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag
https://notcve.org/view.php?id=CVE-2026-23105
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq. use cl_is_active instead of relying on the child qdisc's qlen to determine class activation. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of s... • https://git.kernel.org/stable/c/462dbc9101acd38e92eda93c0726857517a24bbd •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2026-23104 – ice: fix devlink reload call trace
https://notcve.org/view.php?id=CVE-2026-23104
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ice: fix devlink reload call trace Commit 4da71a77fc3b ("ice: read internal temperature sensor") introduced internal temperature sensor reading via HWMON. ice_hwmon_init() was added to ice_init_feature() and ice_hwmon_exit() was added to ice_remove(). As a result if devlink reload is used to reinit the device and then the driver is removed, a call trace can occur. BUG: unable to handle page fault for address: ffffffffc0fd4b5d Call Trace: st... • https://git.kernel.org/stable/c/4da71a77fc3be1fcb680c8d78e1a1fb8017905ad •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23103 – ipvlan: Make the addrs_lock be per port
https://notcve.org/view.php?id=CVE-2026-23103
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ipvlan: Make the addrs_lock be per port Make the addrs_lock be per port, not per ipvlan dev. Initial code seems to be written in the assumption, that any address change must occur under RTNL. But it is not so for the case of IPv6. So 1) Introduce per-port addrs_lock. 2) It was needed to fix places where it was forgotten to take lock (ipvlan_open/ipvlan_close) This appears to be a very minor problem though. Since it's highly unlikely that ip... • https://git.kernel.org/stable/c/8230819494b3bf284ca7262ac5f877333147b937 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-23102 – arm64/fpsimd: signal: Fix restoration of SVE context
https://notcve.org/view.php?id=CVE-2026-23102
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Fix restoration of SVE context When SME is supported, Restoring SVE signal context can go wrong in a few ways, including placing the task into an invalid state where the kernel may read from out-of-bounds memory (and may potentially take a fatal fault) and/or may kill the task with a SIGKILL. (1) Restoring a context with SVE_SIG_FLAG_SM set can place the task into an invalid state where SVCR.SM is set (and sve_state is... • https://git.kernel.org/stable/c/85ed24dad2904f7c141911d91b7807ab02694b5e •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23101 – leds: led-class: Only Add LED to leds_list when it is fully ready
https://notcve.org/view.php?id=CVE-2026-23101
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: leds: led-class: Only Add LED to leds_list when it is fully ready Before this change the LED was added to leds_list before led_init_core() gets called adding it the list before led_classdev.set_brightness_work gets initialized. This leaves a window where led_trigger_register() of a LED's default trigger will call led_trigger_set() which calls led_set_brightness() which in turn will end up queueing the *uninitialized* led_classdev.set_bright... • https://git.kernel.org/stable/c/d23a22a74fded23a12434c9463fe66cec2b0afcd •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23100 – mm/hugetlb: fix hugetlb_pmd_shared()
https://notcve.org/view.php?id=CVE-2026-23100
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugetlb_pmd_shared() Patch series "mm/hugetlb: fixes for PMD table sharing (incl. using mmu_gather)", v3. One functional fix, one performance regression fix, and two related comment fixes. I cleaned up my prototype I recently shared [1] for the performance fix, deferring most of the cleanups I had in the prototype to a later point. While doing that I identified the other things. The goal of this patch set is to be backported... • https://git.kernel.org/stable/c/59d9094df3d79443937add8700b2ef1a866b1081 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23099 – bonding: limit BOND_MODE_8023AD to Ethernet devices
https://notcve.org/view.php?id=CVE-2026-23099
04 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: bonding: limit BOND_MODE_8023AD to Ethernet devices BOND_MODE_8023AD makes sense for ARPHRD_ETHER only. syzbot reported: BUG: KASAN: global-out-of-bounds in __hw_addr_create net/core/dev_addr_lists.c:63 [inline] BUG: KASAN: global-out-of-bounds in __hw_addr_add_ex+0x25d/0x760 net/core/dev_addr_lists.c:118 Read of size 16 at addr ffffffff8bf94040 by task syz.1.3580/19497 CPU: 1 UID: 0 PID: 19497 Comm: syz.1.3580 Tainted: G L syzkaller #0 PRE... • https://git.kernel.org/stable/c/872254dd6b1f80cb95ee9e2e22980888533fc293 •