linux kernel

The Linux kernel received a small but important patch closing a race that could lead to a kernel use‑after‑free in the SCSI target iSCSI code: CVE‑2026‑23216 fixes a timing window in iscsit_dec_conn_usage_count() where the code called complete() while still holding a connection spinlock...

A subtle pointer-reset bug in the Linux kernel's in‑kernel SMB server, ksmbd, has been assigned CVE‑2026‑23220 and fixed upstream; left unpatched the defect can cause the server to loop indefinitely while repeatedly reprocessing the same failed request, flooding logs and driving CPU usage to...

A small, surgical change landed in the Linux kernel this month after syzbot and KCSAN flagged a data‑race in the bonding driver: fields used to track the last‑received timestamps on bond slaves—most notably slave->last_rx and slave->target_last_arp_rx[]—were being read and written locklessly...

A subtle memory-management mistake in the Linux kernel’s Quick Fair Queueing (QFQ) packet scheduler has been cataloged as CVE-2026-22999 and fixed upstream: an error path in qfq_change_class() can free the existing class and its qdisc when it should not, producing a use‑after‑free (UAF) that...

A recently recorded Linux-kernel security entry, CVE-2026-22991, fixes a subtle but practical memory-safety bug in the kernel’s Ceph client library (libceph) by hardening the cleanup routine free_choose_arg_map() so it no longer dereferences NULL when its caller fails after a partial allocation...

A small change in the Linux kernel’s Ceph client code — replacing a fatal assertion with a graceful error path in osdmap_apply_incremental() — closed CVE‑2026‑22990, eliminating a trivial path to a kernel panic but raising a set of operational and defensive‑coding questions operators should not...

The Linux kernel received a targeted, surgical fix on 23 January 2026 for a bounds‑checking bug in the Ceph client library (libceph) that could allow an out‑of‑bounds read during authentication processing; the issue has been assigned CVE‑2026‑22984 and is addressed by an explicit check on the...

The Linux kernel received a targeted fix for a crash in the MSCC Ocelot driver that could be triggered when adding an interface to a Link Aggregation Group (LAG), tracked as CVE-2026-22982 — a local, denial-of-service vulnerability rooted in a NULL pointer dereference in the ocelot driver's...

The Linux kernel received a targeted fix for a subtle but potentially disruptive race condition in the NFS daemon (nfsd) that could lead to memory being accessed after it was freed. Tracked as CVE-2026-22980, the issue centers on handling of the NFSv4 grace period end — specifically the...

A recently assigned CVE, CVE-2026-22979, fixes a subtle but operationally meaningful memory-leak in the Linux network stack where skb_segment_list() mishandles socket memory accounting for GRO-aggregated packets, a bug that can leave per-socket memory counters non-zero and prevent sockets from...

A small defensive change landed upstream this month that closes a straightforward—but impactful—NULL-pointer weakness in the Linux kernel’s NVMe-over-TCP target code. Left unpatched, the bug allows crafted NVMe/TCP traffic to cause a kernel NULL-pointer dereference and crash the host, producing...

A subtle reference-counting bug in the Linux kernel’s Controller Area Network (CAN) J1939 stack — tracked as CVE-2026-22997 — can lead to a persistent session leak and local denial-of-service conditions when the kernel receives a second RTS (Request To Send) for an active XTP transfer. The flaw...

The Linux kernel received a small but consequential bugfix in the Ceph client library (libceph) that corrects a missing error return in the authentication completion path — a change tracked as CVE‑2026‑22992 that, if left unpatched, can leave higher layers confused about authentication state and...

The Linux kernel patch addressing CVE-2026-22978 fixes a subtle but meaningful kernel information‑disclosure bug in the wireless (WEXT) code by ensuring the legacy user-facing structure struct iw_point is zero‑initialized before it’s returned to userspace, closing a 32‑bit “hole” on 64‑bit...

A subtle but consequential weakness in the Linux kernel’s socket handling has been assigned CVE‑2026‑22977: a hardened‑usercopy panic in sock_recv_errqueue that can crash systems compiled with usercopy hardening enabled. The defect is not a remote code‑execution hole, but it produces a...

The Linux kernel's QFQ (Quick Fair Queueing) network scheduler was patched this month to fix a NULL pointer dereference that could crash a system when a qdisc reset deactivates an aggregate that is actually inactive — the flaw has been catalogued as CVE-2026-22976 and was published on January...

The Linux kernel’s scheduler subsystem received a targeted fix this month for a subtle-but-real concurrency bug tracked as CVE‑2026‑23225: a logic error in sched/mmcid where code assumed a Concurrency ID (CID) was “CPU‑owned” during a mode transition, producing an out‑of‑bounds access (reported...

A one-line mistake in XFS scrub code has produced a classic memory-safety problem with outsized operational impact: a use-after-free (UAF) in the XFS filesystem’s B-tree checking path, tracked as CVE-2026-23223, has been fixed upstream and is now being rolled into stable kernels and Linux...

EROFS in the Linux kernel has been patched for a race-condition use‑after‑free that can trigger kernel panics when a file‑backed mount is used together with the directio option — tracked as CVE-2026-23224 — and the fix replaces an unsafe free path with a simple reference‑counting discipline that...

A dodgy race in the Linux kernel’s virtio crypto path has been fixed by adding spinlock protection around virtqueue notification handling — a surgical change that closes a denial‑of‑service and hang condition seen when the virtio‑crypto device and the AF_ALG backend are exercised concurrently...