5.5
CVE-2026-23473 - kernel: io_uring/poll: fix multishot recv missing EOF on wakeup race
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
0.0
CVE-2026-23470 - drm/imagination: Fix deadlock in soft reset sequence
In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix deadlock in soft reset sequence The soft reset sequence is currently executed from the threaded IRQ handler, hence it cannot call disable_irq() which internally waits for IRQ handlers, i.e. itself, to completβ¦
7.0
CVE-2026-23454 - net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown
In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown A potential race condition exists in mana_hwc_destroy_channel() where hwc->caller_ctx is freed before the HWC's Completion Queue (CQ) and Event Quβ¦
5.5
CVE-2026-31390 - drm/xe: Fix memory leak in xe_vm_madvise_ioctl
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix memory leak in xe_vm_madvise_ioctl When check_bo_args_are_sane() validation fails, jump to the new free_vmas cleanup label to properly free the allocated resources. This ensures proper cleanup in this error path. (chβ¦
5.5
CVE-2026-23448 - net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check
In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check cdc_ncm_rx_verify_ndp16() validates that the NDP header and its DPE entries fit within the skb. The first check correctly accounts for ndpoffset: if ((ndpoffset + β¦
5.5
CVE-2026-23442 - ipv6: add NULL checks for idev in SRv6 paths
In the Linux kernel, the following vulnerability has been resolved: ipv6: add NULL checks for idev in SRv6 paths __in6_dev_get() can return NULL when the device has no IPv6 configuration (e.g. MTU < IPV6_MIN_MTU or after NETDEV_UNREGISTER). Add NULL checks for idev returned by __in6_dev_get() inβ¦
5.5
CVE-2026-23443 - ACPI: processor: Fix previous acpi_processor_errata_piix4() fix
In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix previous acpi_processor_errata_piix4() fix After commi f132e089fe89 ("ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()"), device pointers may be dereferenced after dropping referβ¦
7.8
CVE-2026-31401 - HID: bpf: prevent buffer overflow in hid_hw_request
In the Linux kernel, the following vulnerability has been resolved: HID: bpf: prevent buffer overflow in hid_hw_request right now the returned value is considered to be always valid. However, when playing with HID-BPF, the return value can be arbitrary big, because it's the return value of dispatβ¦
7.8
CVE-2026-31404 - NFSD: Defer sub-object cleanup in export put callbacks
In the Linux kernel, the following vulnerability has been resolved: NFSD: Defer sub-object cleanup in export put callbacks svc_export_put() calls path_put() and auth_domain_put() immediately when the last reference drops, before the RCU grace period. RCU readers in e_show() and c_show() access boβ¦
7.8
CVE-2026-31389 - spi: fix use-after-free on controller registration failure
In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free (of drβ¦