7619 matches found
CVE-2026-23342
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in cpumap on PREEMPT_RT On PREEMPT_RT kernels, the per-CPU xdp_bulk_queue bq can be accessed concurrently by multiple preemptible tasks on the same CPU. The original code assumes bq_enqueue and __cpu_map_flush run atomically...
CVE-2026-23294
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in devmap on PREEMPT_RT On PREEMPT_RT kernels, the per-CPU xdp_dev_bulk_queue bq can be accessed concurrently by multiple preemptible tasks on the same CPU. The original code assumes bq_enqueue and __dev_flush run atomically...
CVE-2026-23372
In the Linux kernel, the following vulnerability has been resolved: nfc: rawsock: cancel tx_work before socket teardown In rawsock_release, cancel any pending tx_work and purge the write queue before orphaning the socket. rawsock_tx_work runs on the system workqueue and calls nfc_data_exchange which...
UBUNTU-CVE-2026-23360
In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvme_alloc_admin_tag_set() is called during a controller reset, a previous admin queue may still exist. Release it properly before allocating a new one to avoid orphaning the old queu...
CVE-2026-23299
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: purge error queues in socket destructors When TX timestamping is enabled via SO_TIMESTAMPING, SKBs may be queued into sk_error_queue and will stay there until consumed. If userspace never gets to read the timestamps, or i...
UBUNTU-CVE-2026-23299
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: purge error queues in socket destructors When TX timestamping is enabled via SO_TIMESTAMPING, SKBs may be queued into sk_error_queue and will stay there until consumed. If userspace never gets to read the timestamps, or i...
CVE-2026-23360
In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvme_alloc_admin_tag_set() is called during a controller reset, a previous admin queue may still exist. Release it properly before allocating a new one to avoid orphaning the old queu...
CVE-2026-23394
CVE-2026-23394 – af_unix GC race with MSG_PEEK (Linux kernel) : A race between MSG_PEEK and garbage collection can cause the GC to incorrectly GC dead sockets, since MSG_PEEK silently bumps a file refcount. The issue originates from a change in the current GC algorithm and the removal of the lock...
CVE-2026-23391 netfilter: xt_CT: drop pending enqueued packets on template removal
In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_CT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are sitting in nfqueue refer to: - helper, this can be an issue on module removal. - timeout policy,...
CVE-2026-23379 net/sched: ets: fix divide by zero in the offload path
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: fix divide by zero in the offload path Offloading ETS requires computing each class' WRR weight: this is done by averaging over the sums of quanta as 'q_sum' and 'q_psum'. Using unsigned int, the same integer size a...
CVE-2026-23377 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz
In the Linux kernel, the following vulnerability has been resolved: ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz The only user of frag_size field in XDP RxQ info is bpf_xdp_frags_increase_tail. It clearly expects whole buff size instead of DMA write size. Different assumptions in...
CVE-2026-23377
In the Linux kernel, the following vulnerability has been resolved: ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz The only user of frag_size field in XDP RxQ info is bpf_xdp_frags_increase_tail. It clearly expects whole buff size instead of DMA write size. Different assumptions in...
CVE-2026-23360 nvme: fix admin queue leak on controller reset
In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvme_alloc_admin_tag_set() is called during a controller reset, a previous admin queue may still exist. Release it properly before allocating a new one to avoid orphaning the old queu...
CVE-2026-23360
CVE-2026-23360 relates to the Linux kernel nvme subsystem where, during a controller reset, nvme_alloc_admin_tag_set() could leave a previous admin queue alive, risking an orphaned queue. The issue is fixed by releasing the old queue before allocating a new one, mitigating the leak. Multiple conn...
CVE-2026-23355
In the Linux kernel, the following vulnerability has been resolved: ata: libata: cancel pending work after clearing deferred_qc Syzbot reported a WARN_ON in ata_scsi_deferred_qc_work, caused by ap->ops->qc_defer returning non-zero before issuing the deferred qc. ata_scsi_schedule_deferred_qc is called during...
CVE-2026-23355 ata: libata: cancel pending work after clearing deferred_qc
In the Linux kernel, the following vulnerability has been resolved: ata: libata: cancel pending work after clearing deferred_qc Syzbot reported a WARN_ON in ata_scsi_deferred_qc_work, caused by ap->ops->qc_defer returning non-zero before issuing the deferred qc. ata_scsi_schedule_deferred_qc is called during...