5.5
CVE-2026-23151 - Bluetooth: MGMT: Fix memory leak in set_ssp_complete
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix memory leak in set_ssp_complete Fix memory leak in set_ssp_complete() where mgmt_pending_cmd structures are not freed after being removed from the pending list. Commit 302a1f674c00 ("Bluetooth: MGMT: Fix posβ¦
5.5
CVE-2026-23140 - bpf, test_run: Subtract size of xdp_frame from allowed metadata size
In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Subtract size of xdp_frame from allowed metadata size The xdp_frame structure takes up part of the XDP frame headroom, limiting the size of the metadata. However, in bpf_test_run, we don't take this into account, wβ¦
5.5
CVE-2026-23137 - of: unittest: Fix memory leak in unittest_data_add()
In the Linux kernel, the following vulnerability has been resolved: of: unittest: Fix memory leak in unittest_data_add() In unittest_data_add(), if of_resolve_phandles() fails, the allocated unittest_data is not freed, leading to a memory leak. Fix this by using scope-based cleanup helper __freeβ¦
7.5
CVE-2026-23136 - libceph: reset sparse-read state in osd_fault()
In the Linux kernel, the following vulnerability has been resolved: libceph: reset sparse-read state in osd_fault() When a fault occurs, the connection is abandoned, reestablished, and any pending operations are retried. The OSD client tracks the progress of a sparse-read reply using a separate sβ¦
5.5
CVE-2026-23132 - drm/bridge: synopsys: dw-dp: fix error paths of dw_dp_bind
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: synopsys: dw-dp: fix error paths of dw_dp_bind Fix several issues in dw_dp_bind() error handling: 1. Missing return after drm_bridge_attach() failure - the function continued execution instead of returning an erroβ¦
5.5
CVE-2026-23131 - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names
In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes multiple kerneβ¦
5.5
CVE-2026-23127 - perf: Fix refcount warning on event->mmap_count increment
In the Linux kernel, the following vulnerability has been resolved: perf: Fix refcount warning on event->mmap_count increment When calling refcount_inc(&event->mmap_count) inside perf_mmap_rb(), the following warning is triggered: refcount_t: addition on 0; use-after-free. WARNINβ¦
5.5
CVE-2026-23116 - pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu
In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu For i.MX8MQ platform, the ADB in the VPUMIX domain has no separate reset and clock enable bits, but is ungated and reset together with the VPUs. So we can't rβ¦
5.5
CVE-2025-71202 - iommu/sva: invalidate stale IOTLB entries for kernel address space
In the Linux kernel, the following vulnerability has been resolved: iommu/sva: invalidate stale IOTLB entries for kernel address space Introduce a new IOMMU interface to flush IOTLB paging cache entries for the CPU kernel address space. This interface is invoked from the x86 architecture code thβ¦
5.5
CVE-2025-71200 - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode
In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode When operating in HS200 or HS400 timing modes, reducing the clock frequency below 52MHz will lead to link broken as the Rockchip DWC MSHC controller requiβ¦