7.0
CVE-2026-23054 - net: hv_netvsc: reject RSS hash key programming without RX indirection table
In the Linux kernel, the following vulnerability has been resolved: net: hv_netvsc: reject RSS hash key programming without RX indirection table RSS configuration requires a valid RX indirection table. When the device reports a single receive queue, rndis_filter_device_add() does not allocate an β¦
0.0
CVE-2025-71198 - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection
In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection The st_lsm6dsx_acc_channels array of struct iio_chan_spec has a non-NULL event_spec field, indicating support for IIO events. However, event detection isβ¦
5.5
CVE-2026-23080 - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak
In the Linux kernel, the following vulnerability has been resolved: can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"). In mcba_usb_probe() -> mcba_usb_start(), tβ¦
7.1
CVE-2026-23076 - ALSA: ctxfi: Fix potential OOB access in audio mixer handling
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fix potential OOB access in audio mixer handling In the audio mixer handling code of ctxfi driver, the conf field is used as a kind of loop index, and it's referred in the index callbacks (amixer_index() and sum_indeβ¦
5.5
CVE-2026-23044 - PM: hibernate: Fix crash when freeing invalid crypto compressor
In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Fix crash when freeing invalid crypto compressor When crypto_alloc_acomp() fails, it returns an ERR_PTR value, not NULL. The cleanup code in save_compressed_image() and load_compressed_image() unconditionally callβ¦
7.8
CVE-2026-23089 - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() When snd_usb_create_mixer() fails, snd_usb_mixer_free() frees mixer->id_elems but the controls already added to the card still reference the freed memory. Later when sndβ¦
5.5
CVE-2026-23108 - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak
In the Linux kernel, the following vulnerability has been resolved: can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"). In usb_8dev_open() -> usb_8dev_start(), thβ¦
7.8
CVE-2026-23073 - wifi: rsi: Fix memory corruption due to not set vif driver data size
In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Fix memory corruption due to not set vif driver data size The struct ieee80211_vif contains trailing space for vif driver data, when struct ieee80211_vif is allocated, the total memory size that is allocated is sizeof(β¦
7.0
CVE-2025-71193 - phy: qcom-qusb2: Fix NULL pointer dereference on early suspend
In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend Enabling runtime PM before attaching the QPHY instance as driver data can lead to a NULL pointer dereference in runtime PM callbacks that expect valid driver data. Thβ¦
5.5
CVE-2026-23100 - mm/hugetlb: fix hugetlb_pmd_shared()
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugetlb_pmd_shared() Patch series "mm/hugetlb: fixes for PMD table sharing (incl. using mmu_gather)", v3. One functional fix, one performance regression fix, and two related comment fixes. I cleaned up my protoβ¦