linux kernel

A subtle locking bug in the kernel's RxRPC recvpath can corrupt internal socket queues and lead to use-after-free and refcount underruns — a flaw tracked as CVE-2026-23066 that was introduced by incorrect requeue logic in rxrpc_recvmsg() and fixed upstream by a targeted patch in early 2026...

A subtle but important Linux kernel race condition in the espintcp TCP‑encapsulation code has been assigned CVE‑2026‑23239 and quietly landed fixes across the kernel trees: the patch replaces a cancel_work_sync() call with disable_work_sync() in espintcp_close() to prevent a worker from touching...

The Linux kernel entry for CVE-2026-23236 closes a small but important memory‑handling bug in the legacy fbdev driver for the SMSC UFX USB framebuffer (smscufx): the UFX_IOCTL_REPORT_DAMAGE ioctl did not copy user-provided data into kernel memory safely and instead directly referenced user...

A small, surgical fix to the Linux kernel’s ROMFS loader was published this month after syzbot detected a mount-time path that could leave the kernel trying to perform I/O with an oversized block size and trigger a BUG that crashes the system; the issue is tracked as CVE-2026-23238 and has been...

The Linux kernel received a small but important defensive patch that closes CVE-2026-23237 — a NULL-pointer robustness bug in the Classmate laptop (cmpc) platform driver — by adding defensive checks to several sysfs and input paths, preventing a kernel oops that could otherwise be triggered if...

A subtle but important vulnerability in the Linux kernel’s Flash-Friendly File System (F2FS) — tracked as CVE-2026-23235 — was disclosed and fixed in early March 2026. The root cause is a mismatch between how certain F2FS sysfs attributes are represented in kernel data structures and how the...

A compact but consequential fix for the Linux kernel’s Flash-Friendly File System (F2FS) has closed a use‑after‑free (UAF) race in the f2fs_write_end_io() path, closing a window that could let asynchronous write completions touch freed filesystem state. The issue, tracked as CVE‑2026‑23234 and...

A newly assigned Linux kernel vulnerability, CVE-2026-23217, exposes a subtle but serious deadlock risk on RISC‑V systems when the kernel’s function tracer (ftrace) is configured to snapshot SBI ecall functions — a situation that can hang the entire system. The fix merged into the kernel trees...

The Linux kernel received a narrowly scoped but operationally meaningful security fix this week: a resource-accounting leak in the in‑kernel SMB server (ksmbd) was corrected to ensure the per‑transport connection counter active_num_conn is decremented on connection setup failures, closing...

The Linux kernel received a small but important fix for a scatterlist allocation error in the OMAP crypto driver that was tracked as CVE-2026-23222; the bug caused kmalloc_array() to allocate an array of pointers rather than an array of scatterlist objects, producing an allocation that was four...

The Linux kernel received a small but important patch closing a race that could lead to a kernel use‑after‑free in the SCSI target iSCSI code: CVE‑2026‑23216 fixes a timing window in iscsit_dec_conn_usage_count() where the code called complete() while still holding a connection spinlock...

A subtle pointer-reset bug in the Linux kernel's in‑kernel SMB server, ksmbd, has been assigned CVE‑2026‑23220 and fixed upstream; left unpatched the defect can cause the server to loop indefinitely while repeatedly reprocessing the same failed request, flooding logs and driving CPU usage to...

A small, surgical change landed in the Linux kernel this month after syzbot and KCSAN flagged a data‑race in the bonding driver: fields used to track the last‑received timestamps on bond slaves—most notably slave->last_rx and slave->target_last_arp_rx[]—were being read and written locklessly...

A subtle memory-management mistake in the Linux kernel’s Quick Fair Queueing (QFQ) packet scheduler has been cataloged as CVE-2026-22999 and fixed upstream: an error path in qfq_change_class() can free the existing class and its qdisc when it should not, producing a use‑after‑free (UAF) that...

A recently recorded Linux-kernel security entry, CVE-2026-22991, fixes a subtle but practical memory-safety bug in the kernel’s Ceph client library (libceph) by hardening the cleanup routine free_choose_arg_map() so it no longer dereferences NULL when its caller fails after a partial allocation...

A small change in the Linux kernel’s Ceph client code — replacing a fatal assertion with a graceful error path in osdmap_apply_incremental() — closed CVE‑2026‑22990, eliminating a trivial path to a kernel panic but raising a set of operational and defensive‑coding questions operators should not...

The Linux kernel received a targeted, surgical fix on 23 January 2026 for a bounds‑checking bug in the Ceph client library (libceph) that could allow an out‑of‑bounds read during authentication processing; the issue has been assigned CVE‑2026‑22984 and is addressed by an explicit check on the...

The Linux kernel received a targeted fix for a crash in the MSCC Ocelot driver that could be triggered when adding an interface to a Link Aggregation Group (LAG), tracked as CVE-2026-22982 — a local, denial-of-service vulnerability rooted in a NULL pointer dereference in the ocelot driver's...

The Linux kernel received a targeted fix for a subtle but potentially disruptive race condition in the NFS daemon (nfsd) that could lead to memory being accessed after it was freed. Tracked as CVE-2026-22980, the issue centers on handling of the NFSv4 grace period end — specifically the...

A recently assigned CVE, CVE-2026-22979, fixes a subtle but operationally meaningful memory-leak in the Linux network stack where skb_segment_list() mishandles socket memory accounting for GRO-aggregated packets, a bug that can leave per-socket memory counters non-zero and prevent sockets from...