0.0
CVE-2026-23311 - perf/core: Fix invalid wait context in ctx_sched_in()
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix invalid wait context in ctx_sched_in() Lockdep found a bug in the event scheduling when a pinned event was failed and wakes up the threads in the ring buffer like below. It seems it should not grab a wait-queue loβ¦
0.0
CVE-2026-23310 - bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded
In the Linux kernel, the following vulnerability has been resolved: bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded bond_option_mode_set() already rejects mode changes that would make a loaded XDP program incompatible via bond_xdp_check(). However, bond_option_xmit_hasβ¦
0.0
CVE-2026-23309 - tracing: Add NULL pointer check to trigger_data_free()
In the Linux kernel, the following vulnerability has been resolved: tracing: Add NULL pointer check to trigger_data_free() If trigger_data_alloc() fails and returns NULL, event_hist_trigger_parse() jumps to the out_free error path. While kfree() safely handles a NULL pointer, trigger_data_free() β¦
0.0
CVE-2026-23308 - pinctrl: equilibrium: fix warning trace on load
In the Linux kernel, the following vulnerability has been resolved: pinctrl: equilibrium: fix warning trace on load The callback functions 'eqbr_irq_mask()' and 'eqbr_irq_ack()' are also called in the callback function 'eqbr_irq_mask_ack()'. This is done to avoid source code duplication. The probβ¦
0.0
CVE-2026-23307 - can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message
In the Linux kernel, the following vulnerability has been resolved: can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message When looking at the data in a USB urb, the actual_length is the size of the buffer passed to the driver, not the transfer_buffer_length which is setβ¦
0.0
CVE-2026-23306 - scsi: pm8001: Fix use-after-free in pm8001_queue_command()
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free in pm8001_queue_command() Commit e29c47fe8946 ("scsi: pm8001: Simplify pm8001_task_exec()") refactors pm8001_queue_command(), however it introduces a potential cause of a double free scenario whenβ¦
0.0
CVE-2026-23305 - accel/rocket: fix unwinding in error path in rocket_probe
In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in error path in rocket_probe When rocket_core_init() fails (as could be the case with EPROBE_DEFER), we need to properly unwind by decrementing the counter we just incremented and if this is the firstβ¦
0.0
CVE-2026-23304 - ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() l3mdev_master_dev_rcu() can return NULL when the slave device is being un-slaved from a VRF. All other callers deal with this, but we lost the fallback to loopback in ip6_rt_pcβ¦
0.0
CVE-2026-23303 - smb: client: Don't log plaintext credentials in cifs_set_cifscreds
In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifs_set_cifscreds When debug logging is enabled, cifs_set_cifscreds() logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing cβ¦
0.0
CVE-2026-23302 - net: annotate data-races around sk->sk_{data_ready,write_space}
In the Linux kernel, the following vulnerability has been resolved: net: annotate data-races around sk->sk_{data_ready,write_space} skmsg (and probably other layers) are changing these pointers while other cpus might read them concurrently. Add corresponding READ_ONCE()/WRITE_ONCE() annotations β¦