3.3
CVE-2026-23302 - net: annotate data-races around sk->sk_{data_ready,write_space}
In the Linux kernel, the following vulnerability has been resolved: net: annotate data-races around sk->sk_{data_ready,write_space} skmsg (and probably other layers) are changing these pointers while other cpus might read them concurrently. Add corresponding READ_ONCE()/WRITE_ONCE() annotations β¦
5.5
CVE-2026-23384 - RDMA/ionic: Fix kernel stack leak in ionic_create_cq()
In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix kernel stack leak in ionic_create_cq() struct ionic_cq_resp resp { __u32 cqid[2]; // offset 0 - PARTIALLY SET (see below) __u8 udma_mask; // offset 8 - SET (resp.udma_mask = vcq->udma_mask) β¦
5.5
CVE-2026-23366 - drm/client: Do not destroy NULL modes
In the Linux kernel, the following vulnerability has been resolved: drm/client: Do not destroy NULL modes 'modes' in drm_client_modeset_probe may fail to kcalloc. If this occurs, we jump to 'out', calling modes_destroy on it, which dereferences it. This may result in a NULL pointer dereference β¦
5.5
CVE-2026-23369 - i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock"
In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock" This reverts commit f707d6b9e7c18f669adfdb443906d46cfbaaa0c1. Under rare circumstances, multiple udev threads can collect i801 device info on boot and walk i801_β¦
5.5
CVE-2026-23300 - net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop When a standalone IPv6 nexthop object is created with a loopback device (e.g., "ip -6 nexthop add id 100 dev lo"), fib6_nh_init() misclassifies it as a reject β¦
0.0
CVE-2026-23279 - wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame()
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() In mesh_rx_csa_frame(), elems->mesh_chansw_params_ie is dereferenced at lines 1638 and 1642 without a prior NULL check: ifmsh->chsw_ttl = elems->mesh_chanswβ¦
5.5
CVE-2026-23333 - kernel: netfilter: nft_set_rbtree: validate open interval overlap
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.5
CVE-2026-23334 - can: usb: f81604: handle short interrupt urb messages properly
In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: handle short interrupt urb messages properly If an interrupt urb is received that is not the correct length, properly detect it and don't attempt to treat the data as valid.
8.8
CVE-2025-67030 - org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method
Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code
7.8
CVE-2026-23351 - netfilter: nft_set_pipapo: split gc into unlink and reclaim phase
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: split gc into unlink and reclaim phase Yiming Qian reports Use-after-free in the pipapo set type: Under a large number of expired elements, commit-time GC can run for a very long time in a non-preemβ¦