Skip to main content
CVE-2026-23368 MEDIUM PATCH This Month

This vulnerability is an AB-BA deadlock in the Linux kernel's PHY (Physical Layer) LED trigger subsystem that occurs when both LEDS_TRIGGER_NETDEV and LED_TRIGGER_PHY are enabled simultaneously. The deadlock arises because PHY LED triggers are registered during the phy_attach phase while holding the RTNL lock, then attempting to acquire the triggers_list_lock, while the netdev LED trigger code does the reverse—holding triggers_list_lock and attempting to acquire RTNL. This deadlock affects all Linux kernel versions with the affected PHY and LED trigger subsystems enabled (cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*), and while not directly exploitable for privilege escalation, it can be triggered to cause a system hang or denial of service by users with network configuration privileges or via userspace LED sysfs writes.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23367 MEDIUM PATCH This Month

A use-of-uninitialized-variable vulnerability exists in the Linux kernel's radiotap parser that can lead to information disclosure when processing radiotap frames with undefined fields. The vulnerability affects all Linux kernel versions using the radiotap namespace parser (cpe:2.3:a:linux:linux) and occurs when undefined radiotap field 18 is present, causing the iterator->_next_ns_data variable to be compared against an uninitialized value. While no CVSS score or EPSS data is currently available and there is no indication of active exploitation, the vulnerability has been patched across multiple kernel branches as evidenced by six distinct commit fixes.

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23365 MEDIUM PATCH This Month

The Linux kernel kalmia USB driver fails to validate that connected USB devices have the required endpoints before binding to them, allowing a malicious or malformed USB device to trigger a kernel crash during endpoint access. This denial-of-service vulnerability affects all Linux kernel versions running the kalmia driver (net/usb/kalmia.c) and requires physical USB device connection or local control of USB device enumeration. While no CVSS score or EPSS probability is formally assigned, the vulnerability has been patched across multiple stable kernel branches, indicating recognition of the issue's severity.

Linux Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23362 MEDIUM PATCH This Month

A locking initialization vulnerability exists in the Linux kernel's CAN BCM (Broadcast Manager) socket implementation where the bcm_tx_lock spinlock is not properly initialized in the RX setup path, creating a race condition when RX_RTR_FRAME flag processing attempts to transmit frames. This affects all Linux kernel versions with the vulnerable CAN BCM code, and while no public exploit is known, the vulnerability could lead to kernel memory corruption or denial of service if the uninitialized lock is accessed during concurrent RTR frame handling.

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23357 MEDIUM PATCH This Month

A deadlock vulnerability exists in the Linux kernel's mcp251x CAN bus driver where the mcp251x_open() function calls free_irq() while holding the mpc_lock mutex during error handling, causing the function to deadlock if an interrupt occurs simultaneously. This affects all Linux kernel versions with the vulnerable mcp251x driver code, and while not actively exploited in the wild (no KEV status indicates no in-the-wild exploitation), it represents a local denial of service condition where a user with appropriate device access can trigger driver initialization failures that hang the system.

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23356 MEDIUM PATCH This Month

A logic error in the Linux kernel's DRBD (Distributed Replicated Block Device) subsystem causes drbd_al_begin_io_nonblock() to fail silently when activity log extent acquisition fails due to spinlock contention, leading to loss of mutual exclusivity guarantees between resync and application I/O operations. This vulnerability affects all Linux kernel versions with the affected DRBD code and can result in kernel crashes via BUG_ON() assertions when activity log references are incorrectly released, as well as potential data consistency issues during active resync operations when concurrent application I/O proceeds without proper exclusivity enforcement.

Denial Of Service Linux Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23352 MEDIUM PATCH This Month

A memory management vulnerability in the Linux kernel's EFI boot services implementation causes a leak of approximately 140MB of RAM on systems with CONFIG_DEFERRED_STRUCT_PAGE_INIT enabled, particularly affecting resource-constrained EC2 instances with 512MB total RAM. The vulnerability occurs when efi_free_boot_services() attempts to free EFI boot services memory before the kernel's deferred memory map initialization is complete, resulting in freed pages being skipped and never returned to the memory pool. This is a kernel-level memory exhaustion issue affecting all Linux distributions, though impact is most severe on systems with minimal RAM; no active exploitation or proof-of-concept has been identified as this is a resource leak rather than a code execution vector.

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23339 MEDIUM PATCH This Month

A memory leak vulnerability exists in the Linux kernel's NFC NCI subsystem where the nci_transceive() function fails to free socket buffer (skb) objects on three early error paths (-EPROTO, -EINVAL, -EBUSY), causing kernel memory exhaustion over time. The vulnerability affects all Linux kernel versions with the vulnerable code in the NFC NCI driver, impacting any system with NFC capabilities that processes malformed or resource-constrained NCI transactions. While not directly exploitable for code execution, attackers can trigger memory exhaustion leading to denial of service by sending specially crafted NFC messages that trigger the error paths, and the vulnerability has been confirmed in kernel self-tests via kmemleak detection.

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23335 MEDIUM PATCH This Month

A kernel stack memory leak exists in the Linux kernel's RDMA/irdma driver within the irdma_create_user_ah() function, where 4 bytes of uninitialized kernel stack memory are leaked to user space through the rsvd (reserved) field of the irdma_create_ah_resp structure. This information disclosure vulnerability affects all Linux kernel versions with the vulnerable irdma driver code, allowing any unprivileged user with access to RDMA operations to read sensitive kernel stack data. While no CVSS score or EPSS metric is currently available, the vulnerability is classified as Information Disclosure and has been patched across multiple stable kernel branches, indicating upstream recognition and remediation.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23324 MEDIUM PATCH This Month

A resource leak vulnerability exists in the Linux kernel's ETAS ES58X USB CAN driver where URBs (USB Request Blocks) submitted in the read bulk callback are not properly anchored before submission, potentially causing memory leaks when usb_kill_anchored_urbs() is invoked. This affects all Linux kernel versions running the etas_es58x driver. An attacker with local access to trigger device disconnection or system shutdown could cause kernel memory exhaustion through repeated URB leaks, leading to denial of service or information disclosure of kernel memory contents.

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23321 MEDIUM PATCH This Month

A logic error in the Linux kernel's MPTCP (MultiPath TCP) path management subsystem fails to properly track endpoint usage state when an endpoint is configured with both 'signal' and 'subflow' flags and subsequently removed. This causes a kernel warning and potential state inconsistency in the MPTCP connection management code. The vulnerability affects Linux kernel versions and is triggered through netlink socket manipulation by unprivileged users, potentially leading to denial of service or unexpected kernel behavior.

Linux Debian Ubuntu Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23312 MEDIUM PATCH This Month

The Linux kernel's kaweth USB driver fails to validate that probed USB devices have the expected number and types of endpoints before binding to them, allowing a malicious or malformed USB device to cause a kernel crash when the driver blindly accesses non-existent endpoints. This denial-of-service vulnerability affects Linux kernel versions across multiple stable branches and can be triggered by any user with the ability to connect a crafted USB device to a system running the vulnerable kernel. While CVSS and EPSS scores are not available, the vulnerability represents a straightforward crash vector with no reported active exploitation but patches are available across multiple kernel versions.

Linux Denial Of Service Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23309 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability exists in the Linux kernel's event tracing subsystem, specifically in the trigger_data_free() function which fails to validate NULL pointers before dereferencing the data->cmd_ops field. This affects all Linux kernel versions where the vulnerable tracing code is present, and can be exploited by local attackers with appropriate privileges to cause a denial of service through kernel panic. The vulnerability was discovered through automated code review rather than active exploitation in the wild, and patches have been committed to stable kernel branches.

Linux Null Pointer Dereference Denial Of Service Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23304 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability exists in the Linux kernel's IPv6 routing code within the ip6_rt_get_dev_rcu() function, triggered when a slave device is being un-slaved from a Virtual Routing and Forwarding (VRF) context. The vulnerability affects all Linux kernel versions with the affected code path and can be exploited to cause a kernel panic and denial of service. This issue was introduced by commit 4832c30d5458 which removed the fallback to loopback device handling, and multiple stable kernel branches have received patches to restore the NULL pointer check and fallback logic.

Null Pointer Dereference Denial Of Service Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23303 MEDIUM PATCH This Month

The Linux kernel CIFS client contains an information disclosure vulnerability where debug logging in the cifs_set_cifscreds() function exposes plaintext usernames and passwords in kernel logs when debug logging is enabled. This affects all versions of the Linux kernel with CIFS client support, allowing any local user or administrator with access to kernel logs to recover plaintext SMB credentials. While no CVSS score, EPSS data, or KEV status is publicly available, the severity is elevated due to the direct exposure of authentication credentials in commonly-accessible debug logs.

Information Disclosure Linux Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23300 MEDIUM PATCH This Month

A kernel panic vulnerability exists in Linux IPv6 nexthop handling where standalone IPv6 nexthop objects created with loopback devices are misclassified as reject routes, causing the nhc_pcpu_rth_output field to remain unallocated. When an IPv4 route subsequently references this nexthop, a NULL pointer dereference in __mkroute_output() triggers a kernel panic, resulting in denial of service. All Linux kernel versions with IPv6 nexthop support are affected, and the vulnerability is remotely triggerable by unprivileged users with network configuration capabilities.

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23298 MEDIUM PATCH This Month

A denial-of-service vulnerability exists in the Linux kernel's ucan (CAN-over-USB) driver where malformed USB messages with a zero-length field cause an infinite loop in the ucan_read_bulk_callback() function, hanging the entire system. An attacker with physical access to a USB port can connect a malicious or compromised CAN device to trigger this condition, rendering the affected system unresponsive. While no CVSS or EPSS scores are available, the vulnerability is confirmed as patched across multiple stable kernel branches with six commits addressing the issue.

Denial Of Service Linux Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23296 MEDIUM PATCH This Month

A reference count leak in the Linux kernel's SCSI core subsystem causes the tagset_refcnt reference counter to fail to decrement properly, resulting in resource exhaustion and system hangs during SCSI host teardown. This affects all Linux kernel versions with the vulnerable code path, particularly impacting iSCSI configurations where the leak manifests as indefinite blocking in scsi_remove_host() calls. While not actively exploited in the wild (no KEV status), this is a denial-of-service vulnerability that can be triggered by any user with the ability to manage SCSI sessions or trigger host removal operations.

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23293 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability exists in the Linux kernel's VXLAN implementation when IPv6 is disabled via the 'ipv6.disable=1' boot parameter. When an IPv6 packet is injected into a VXLAN interface, the route_shortcircuit() function attempts to call neigh_lookup() on an uninitialized nd_tbl (neighbor discovery table), causing a kernel panic and denial of service. This affects all Linux distributions shipping vulnerable kernel versions, and while no CVSS score or EPSS data is provided, the presence of six stable kernel commits and reproducible crash conditions indicates high practical impact.

Linux Null Pointer Dereference Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23292 MEDIUM PATCH This Month

A recursive locking vulnerability exists in the Linux kernel's target core configfs implementation where the target_core_item_dbroot_store() function attempts to open a file using filp_open() while already holding a semaphore (frag_sem) acquired in flush_write_buffer(), creating a deadlock condition when the same configfs file is accessed. This affects all Linux kernel versions with the vulnerable target subsystem code, and while no CVSS score or EPSS data is publicly available, the vulnerability has been resolved across multiple stable kernel branches with patch commits available in the kernel git repository, suggesting active acknowledgment of the issue as a legitimate kernel bug requiring remediation.

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23291 MEDIUM PATCH This Month

This vulnerability involves improper resource cleanup in the Linux kernel's NFC PN533 USB driver, where a reference count on the USB interface is not properly released when a device is disconnected. Affected systems include all Linux kernel versions with the vulnerable PN533 driver code, impacting any system using NFC devices based on the PN533 chipset. While this is a resource management issue rather than a direct memory corruption vulnerability, it can lead to information disclosure or denial of service through USB interface resource exhaustion over repeated device attach/detach cycles. The vulnerability has been resolved in the Linux kernel with multiple backported patches available across stable branches.

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23290 MEDIUM PATCH This Month

The pegasus USB network driver in the Linux kernel fails to validate that connected USB devices have the proper number and types of endpoints before binding to them, allowing a malicious USB device to trigger a kernel crash through null pointer dereference or out-of-bounds memory access. This denial-of-service vulnerability affects Linux kernel versions across multiple stable branches, as evidenced by patches applied to at least six different kernel maintenance branches. An attacker with physical access to a target system or the ability to inject a crafted USB device into the network could crash the kernel without authentication or elevated privileges, though no public exploit code or active exploitation in the wild has been reported.

Linux Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23289 MEDIUM PATCH This Month

This vulnerability is a resource leak in the Linux kernel's InfiniBand mthca driver within the mthca_create_srq() function, where the mthca_unmap_user_db() cleanup call is missing on the error path. A user with local access can trigger this leak by causing the mthca_create_srq() system call to fail, resulting in persistent kernel memory not being freed, which could lead to denial of service through memory exhaustion. While no CVSS score, EPSS value, or KEV status is documented, the issue affects all Linux kernel versions using the mthca driver and has been patched across multiple stable kernel branches as evidenced by six linked commit fixes.

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23287 MEDIUM PATCH This Month

A race condition in the SiFive PLIC (Platform Level Interrupt Controller) interrupt handling code can cause interrupts to become frozen when interrupt affinity is modified while an interrupt is being processed. The vulnerability affects Linux kernel implementations using the SiFive PLIC irqchip driver, potentially causing system hangs or device unresponsiveness on RISC-V systems. While not actively exploited in the wild, the issue is easily reproducible through concurrent affinity changes and high interrupt load, making it a practical denial-of-service concern for affected systems.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23286 MEDIUM PATCH This Month

A null pointer dereference vulnerability exists in the Linux kernel's ATM LANE module (lec_arp_clear_vccs function) where multiple ARP entries can share the same virtual circuit connection (VCC). When a VCC is closed, the kernel iterates through ARP entries and clears associated VCC pointers; if multiple entries share the same VCC, the first iteration frees the vpriv structure and sets it to NULL, causing subsequent iterations to crash when attempting to dereference the now-NULL pointer. A local attacker can trigger this denial of service condition through crafted ATM socket operations, as demonstrated by existing syzkaller reproducers.

Null Pointer Dereference Denial Of Service Linux Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23284 MEDIUM PATCH This Month

This vulnerability exists in the Linux kernel's MediaTek Ethernet driver (mtk_eth_soc) where an eBPF program pointer is not properly reset to its previous state if the mtk_xdp_setup() function encounters an error during the mtk_open routine. This resource management flaw can lead to incorrect reference counting of eBPF programs, potentially causing use-after-free or memory leak conditions. All Linux kernel versions with the affected MediaTek Ethernet driver (cpe:2.3:a:linux:linux) are impacted, and the vulnerability has been patched across multiple stable kernel branches as evidenced by six commit references spanning different kernel versions.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20668 MEDIUM PATCH This Month

A logging issue in Apple's operating systems allows improper data redaction in system logs, enabling installed applications to access sensitive user data that should have been masked. This vulnerability affects iOS 18.7.7 and earlier, iPadOS 18.7.7 and earlier, iOS 26.3 and earlier, iPadOS 26.3 and earlier, macOS Sequoia 15.7.5 and earlier, macOS Sonoma 14.8.5 and earlier, macOS Tahoe 26.3 and earlier, and visionOS 26.3 and earlier. An attacker with the ability to install or control an application on an affected device could exploit inadequate log data filtering to extract confidential user information that should be protected by the operating system's redaction mechanisms.

Apple Information Disclosure macOS iOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-28868 MEDIUM PATCH This Month

A logging issue in Apple's operating systems allows improper data redaction, potentially enabling applications to disclose kernel memory contents. This information disclosure vulnerability affects iOS and iPadOS (versions prior to 18.7.7 and 26.4), macOS (Sequoia 15.7.5, Sonoma 14.8.5, Tahoe 26.4), visionOS 26.4, and watchOS 26.4. An untrusted application with standard execution privileges could exploit this to read sensitive kernel memory that should have been redacted from logs, potentially exposing cryptographic material, memory addresses useful for ASLR bypass, or other privileged information. No CVSS score, EPSS data, or public proof-of-concept has been disclosed at this time, and this does not appear on the CISA Known Exploited Vulnerabilities (KEV) catalog.

Apple Information Disclosure macOS iOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20694 MEDIUM PATCH This Month

This vulnerability involves improper handling of symbolic links in Apple operating systems that could allow an application to access user-sensitive data without proper authorization. The flaw affects iOS and iPadOS versions prior to 26.3, macOS Sequoia versions prior to 15.7.4, macOS Sonoma versions prior to 14.8.4, and macOS Tahoe versions prior to 26.3 and 26.4. An attacker with the ability to execute code in a sandboxed application context could potentially bypass security restrictions to access protected user information, though no active exploitation in the wild has been confirmed at this time.

Apple Information Disclosure macOS iOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23389 MEDIUM PATCH This Month

A memory leak vulnerability exists in the Linux kernel's ice driver in the ice_set_ringparam() function, where dynamically allocated tx_rings and xdp_rings are not properly freed when subsequent rx_rings allocation or setup fails. This affects all Linux kernel versions with the vulnerable ice driver code path, and while memory leaks typically enable denial of service through resource exhaustion rather than direct code execution, the impact depends on exploitation frequency and system memory constraints. No active exploitation or proof-of-concept has been publicly disclosed; the vulnerability was discovered through static analysis and code review rather than in-the-wild detection.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23386 MEDIUM PATCH This Month

A buffer management vulnerability exists in the Linux kernel's Google Virtual Ethernet (GVE) driver within the gve_tx_clean_pending_packets() function when operating in DQ-QPL (Descriptor Queue with Queue Pair Lists) mode. The function incorrectly interprets buffer IDs as DMA addresses and attempts to unmap memory using the wrong cleanup path, causing out-of-bounds array access and potential memory corruption. This affects Linux kernel versions across multiple stable branches and can be triggered during network device reset operations, potentially leading to kernel crashes or memory safety violations.

Linux Buffer Overflow Google Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23380 MEDIUM PATCH This Month

A reference counting vulnerability in the Linux kernel's tracing subsystem causes a WARN_ON to trigger when a process forks and both parent and child processes exit, particularly when the application calls madvise(MADV_DOFORK) to enable VMA copy-on-fork behavior. The vulnerability affects all Linux kernel versions with the vulnerable tracing_buffers_mmap code and allows local attackers to cause a kernel warning that may lead to denial of service or information disclosure through the kernel warning itself. While not currently listed in KEV or known to be actively exploited, the vulnerability has been patched in stable kernel branches as indicated by four separate commit references.

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23377 MEDIUM PATCH This Month

A memory buffer management vulnerability exists in the Linux kernel's ice network driver XDP (eXpress Data Path) implementation, specifically in how it calculates fragment buffer sizes for receive queues. The vulnerability affects Linux kernel versions with the vulnerable ice driver code path and can be triggered through XDP operations that attempt to grow multi-buffer packet tails, potentially causing kernel panics or denial of service. An attacker with the ability to load and execute XDP programs can exploit this by crafting specific packet sizes and offset values to trigger the panic condition, as demonstrated by the XSK_UMEM__MAX_FRAME_SIZE test case, though real-world exploitation requires local access to load XDP programs.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23375 MEDIUM PATCH This Month

A vulnerability in the Linux kernel's Transparent Huge Pages (THP) subsystem incorrectly enables THP for files on anonymous inodes (such as guest_memfd and secretmem), which were not designed to support large folios. This can trigger kernel crashes via memory copy operations on unmapped memory in secretmem, or WARN_ON conditions in guest_memfd fault handlers. The vulnerability affects Linux kernel versions across multiple stable branches and requires a kernel patch to remediate; while not known to be actively exploited in the wild, the condition can be triggered locally by unprivileged users through madvise() syscalls.

Linux Denial Of Service Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23374 MEDIUM PATCH This Month

This vulnerability is a preemption context violation in the Linux kernel's block I/O tracing subsystem where tracing_record_cmdline() unsafely uses __this_cpu_read() and __this_cpu_write() operations from preemptible context. The Linux kernel in versions supporting blktrace (affected via CPE cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*) is vulnerable, allowing potential information disclosure or denial of service when block tracing is enabled and block I/O operations occur from user-space processes. This is not actively exploited in the wild (no KEV status), but the vulnerability has functional proof of concept through blktests/blktrace/002, making it a moderate priority for kernel maintainers and distributions shipping PREEMPT(full) configurations.

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23373 MEDIUM PATCH This Month

The Linux kernel's Realtek WiFi driver (rsi) incorrectly defaults to returning -EOPNOTSUPP error code in the rsi_mac80211_config function, which triggers a WARN_ON condition in ieee80211_hw_conf_init and deviates from expected driver behavior. This affects Linux kernel versions across multiple stable branches where the rsi WiFi driver is compiled and loaded. While not actively exploited in the wild, the issue causes kernel warnings and improper driver initialization that could degrade WiFi functionality or stability on affected systems.

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23371 MEDIUM PATCH This Month

A Linux kernel scheduler vulnerability in SCHED_DEADLINE task handling causes bandwidth accounting corruption when a deadline task holding a priority-inheritance mutex is changed to a lower priority class via sched_setscheduler(). The vulnerability affects Linux kernel implementations (all versions with SCHED_DEADLINE support) and can be triggered by local unprivileged users running specific workloads like stress-ng, potentially leading to kernel warnings, task accounting underflow, and denial of service. No active exploitation in the wild is currently documented, but the vulnerability is fixed in stable kernel branches as evidenced by the provided commit references.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23369 MEDIUM PATCH This Month

A race condition in the Linux kernel's i801 I2C driver causes a kernel NULL pointer dereference and panic during boot when multiple udev threads concurrently access the ACPI I/O handler region. The vulnerability affects Linux kernel versions running the i2c_i801 driver on systems with Intel i801 chipsets. An attacker with local access or the ability to trigger concurrent device enumeration during boot can crash the system, resulting in denial of service.

Denial Of Service Linux Null Pointer Dereference Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23360 MEDIUM PATCH This Month

This vulnerability is a resource leak in the Linux kernel's NVMe driver where the admin queue is not properly released during controller reset operations. Systems running affected Linux kernel versions are vulnerable to denial of service through memory exhaustion when NVMe controllers reset repeatedly. While no active exploitation in the wild has been reported and CVSS/EPSS scores are not yet published, the issue affects all Linux distributions and is resolved through kernel patching with fixes available across multiple stable branches.

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23355 MEDIUM PATCH This Month

This vulnerability is a race condition in the Linux kernel's libata subsystem where pending work is not properly canceled after clearing a deferred queue command (deferred_qc), leading to a WARN_ON() condition when the stale work eventually executes. The vulnerability affects all Linux kernel versions with the vulnerable libata code path, impacting systems using ATA/SATA disk controllers. An attacker with local access could trigger this condition through specific command sequences involving NCQ and non-NCQ commands, causing kernel warnings and potential system instability, though direct privilege escalation is not demonstrated.

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23353 MEDIUM PATCH This Month

A null pointer dereference vulnerability exists in the Linux kernel's ice network driver that crashes the system during ethtool offline loopback tests. The vulnerability affects Linux kernel versions running the ice driver (Intel Ethernet Controller driver), and an attacker with local access and CAP_NET_ADMIN privileges can trigger a kernel panic (denial of service) by executing ethtool loopback self-tests. No active exploitation or public POC has been reported; patches are available in stable kernel releases.

Linux Denial Of Service Null Pointer Dereference Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23347 MEDIUM PATCH This Month

A use-after-free vulnerability exists in the Linux kernel's CAN USB f81604 driver where URBs submitted in the read bulk callback are not properly anchored before submission, potentially allowing them to be leaked if usb_kill_anchored_urbs() is invoked. This affects all Linux kernel versions with the vulnerable f81604 driver code. An attacker with local access or control over a malicious USB CAN adapter could potentially trigger memory corruption or information disclosure by causing URB leaks during driver cleanup or device disconnection.

Information Disclosure Linux Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23341 MEDIUM PATCH This Month

A null pointer dereference vulnerability exists in the Linux kernel's AMD XDNA accelerator driver (accel/amdxdna) that can cause a kernel crash when userspace attempts to destroy a hardware context that has been automatically suspended. The vulnerability affects all Linux kernel versions with the vulnerable amdxdna driver code path; an unprivileged local user with access to the driver's ioctl interface can trigger a denial of service by issuing a destroy context command on a suspended context, causing the kernel to crash when accessing a NULL mailbox channel pointer. No CVSS score, EPSS data, or KEV status is currently available, but the vulnerability is classified as a denial of service with straightforward triggering conditions.

Denial Of Service Null Pointer Dereference Linux Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23337 MEDIUM PATCH This Month

A memory leak vulnerability exists in the Linux kernel's pinctrl subsystem within the pinconf_generic_parse_dt_config() function. When the parse_dt_cfg() function fails, the code returns directly without executing cleanup logic, causing the cfg buffer to be leaked. This affects all Linux kernel versions containing the vulnerable pinctrl-generic code, and while the vulnerability itself does not enable direct code execution, it can lead to denial of service through memory exhaustion over time as the kernel gradually loses available memory.

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23334 MEDIUM PATCH This Month

A buffer handling vulnerability exists in the Linux kernel's CAN USB f81604 driver where improperly sized interrupt URB (USB Request Block) messages are not validated before processing, potentially leading to information disclosure or memory corruption. All Linux kernel versions with the affected CAN f81604 USB driver are impacted. An attacker with physical access to a malicious USB device or local system access could trigger abnormal URB message handling to leak kernel memory or cause denial of service. This vulnerability is not currently listed as actively exploited in known vulnerability databases, and no public proof-of-concept has been widely circulated, though patches are available across multiple kernel stable branches.

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23328 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability exists in the Linux kernel's AMD XDena accelerator driver (accel/amdxdna) where the mgmt_chann variable may be set to NULL if firmware returns an unexpected error during management message transmission, subsequently causing a kernel crash when aie2_hw_stop() attempts to access it. This affects Linux kernel versions across the amdxdna subsystem and can be exploited by local attackers with physical access or through malicious firmware to trigger a denial of service condition. Two stable kernel patches are available that introduce proper NULL checks and a dedicated helper function to safely destroy mgmt_chann.

Null Pointer Dereference Denial Of Service Linux Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23316 MEDIUM PATCH This Month

A memory alignment fault vulnerability exists in the Linux kernel's IPv4 multipath routing hash seed implementation that causes kernel panics on ARM64 systems when compiled with Clang and Link Time Optimization (LTO) enabled. The vulnerability affects all Linux kernel versions with the vulnerable code path in net/ipv4/route.c, specifically impacting ARM64 architectures where strict alignment requirements for Load-Acquire instructions are enforced. An attacker with local access or ability to trigger multipath hash operations could cause a denial of service by crashing the kernel, though no active exploitation has been reported in the wild.

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23313 MEDIUM PATCH This Month

A preempt count leak exists in the Linux kernel's i40e network driver within the napi poll tracepoint implementation, where get_cpu() is called without a corresponding put_cpu() to restore the preempt count. This affects all Linux kernel versions containing the vulnerable i40e driver code and can cause kernel accounting errors and potential system instability when the tracepoint is enabled. The vulnerability has no known active exploitation or public proof-of-concept code, and while not formally scored with CVSS, it represents a moderate kernel reliability issue that has persisted undetected for over three years.

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23310 MEDIUM PATCH This Month

A logic error in the Linux kernel's bonding driver allows an unprivileged user to change the xmit_hash_policy parameter to an incompatible value (vlan+srcmac) while an XDP program is loaded, creating an inconsistent state where the kernel cannot safely unload the XDP program during device shutdown. This triggers a kernel warning and potential instability when the bond interface is destroyed. The vulnerability affects Linux kernel versions across multiple stable branches and requires local access to trigger.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23308 MEDIUM PATCH This Month

A warning trace vulnerability exists in the Linux kernel's pinctrl equilibrium driver where the eqbr_irq_mask_ack() callback function incorrectly calls both eqbr_irq_mask() and eqbr_irq_ack(), causing gpiochip_disable_irq() to be invoked twice and generating spurious kernel warnings on every GPIO during driver load. All Linux kernel versions with the affected equilibrium pinctrl driver are impacted, though this is primarily a kernel stability and logging issue rather than a security vulnerability. The issue has been resolved in multiple stable kernel branches as evidenced by the five stable commit hashes referenced, indicating patches are available.

Linux Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
Prev Page 10 of 13 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy