SB2026032361 - SUSE update for the Linux Kernel
Published: March 23, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 153 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2023-53817)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mpi_cmp_ui() function in lib/mpi/mpi-cmp.c. A local user can perform a denial of service (DoS) attack.
2) Resource management error (CVE-ID: CVE-2025-39748)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the regs_refine_cond_op() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
3) Buffer overflow (CVE-ID: CVE-2025-39817)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the efivarfs_d_compare() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.
4) Input validation error (CVE-ID: CVE-2025-39964)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the include/crypto/if_alg.h. A local user can perform a denial of service (DoS) attack.
5) Out-of-bounds read (CVE-ID: CVE-2025-40099)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the parse_dfs_referrals() function in fs/smb/client/misc.c. A local user can perform a denial of service (DoS) attack.
6) Memory leak (CVE-ID: CVE-2025-40103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the get_smb2_acl_by_path() and set_smb2_acl() functions in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
7) Improper locking (CVE-ID: CVE-2025-40201)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the SYSCALL_DEFINE4() function in kernel/sys.c. A local user can perform a denial of service (DoS) attack.
8) Input validation error (CVE-ID: CVE-2025-40253)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mpc_rcvd_sweep_req() function in drivers/s390/net/ctcm_mpc.c. A local user can perform a denial of service (DoS) attack.
9) Buffer overflow (CVE-ID: CVE-2025-68283)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the decode_new_primary_temp(), ceph_get_primary_affinity(), decode_new_primary_affinity() and decode_new_up_state_weight() functions in net/ceph/osdmap.c. A local user can escalate privileges on the system.
10) Memory leak (CVE-ID: CVE-2025-68295)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cifs_construct_tcon() function in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.
11) Use-after-free (CVE-ID: CVE-2025-68374)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drivers/md/md.h. A local user can escalate privileges on the system.
12) Use-after-free (CVE-ID: CVE-2025-68735)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the panthor_fdinfo_gather_group_samples(), panthor_group_create(), panthor_group_destroy() and panthor_fdinfo_gather_group_mem_info() functions in drivers/gpu/drm/panthor/panthor_sched.c. A local user can escalate privileges on the system.
13) Incorrect calculation (CVE-ID: CVE-2025-68736)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the is_access_to_paths_allowed(), maybe_remove() and collect_domain_accesses() functions in security/landlock/fs.c. A local user can perform a denial of service (DoS) attack.
14) Use-after-free (CVE-ID: CVE-2025-68778)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the conflicting_inode_is_dir(), add_conflicting_inode() and log_conflicting_inodes() functions in fs/btrfs/tree-log.c. A local user can escalate privileges on the system.
15) Out-of-bounds read (CVE-ID: CVE-2025-68785)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the validate_and_copy_set_tun() and __ovs_nla_copy_actions() functions in net/openvswitch/flow_netlink.c. A local user can perform a denial of service (DoS) attack.
16) Use-after-free (CVE-ID: CVE-2025-68810)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __kvm_set_memory_region() function in virt/kvm/kvm_main.c. A local user can escalate privileges on the system.
17) Use-after-free (CVE-ID: CVE-2025-71071)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mtk_iommu_mm_dts_parse(), mtk_iommu_probe() and mtk_iommu_remove() functions in drivers/iommu/mtk_iommu.c. A local user can escalate privileges on the system.
18) Improper locking (CVE-ID: CVE-2025-71104)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the advance_periodic_target_expiration() function in arch/x86/kvm/lapic.c. A local user can perform a denial of service (DoS) attack.
19) Use of uninitialized resource (CVE-ID: CVE-2025-71113)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the rng_accept_parent() function in crypto/algif_rng.c. A local user can perform a denial of service (DoS) attack.
20) NULL pointer dereference (CVE-ID: CVE-2025-71125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the trace_event_reg() function in kernel/trace/trace_events.c. A local user can perform a denial of service (DoS) attack.
21) Improper locking (CVE-ID: CVE-2025-71126)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __mptcp_retrans() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
22) Memory leak (CVE-ID: CVE-2025-71148)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the handshake_req_submit() function in net/handshake/request.c. A local user can perform a denial of service (DoS) attack.
23) Improper locking (CVE-ID: CVE-2025-71182)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the j1939_session_activate() function in net/can/j1939/transport.c. A local user can perform a denial of service (DoS) attack.
24) NULL pointer dereference (CVE-ID: CVE-2025-71184)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/trace/events/btrfs.h. A local user can perform a denial of service (DoS) attack.
25) Memory leak (CVE-ID: CVE-2025-71185)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ti_am335x_xbar_route_allocate() function in drivers/dma/ti/dma-crossbar.c. A local user can perform a denial of service (DoS) attack.
26) Memory leak (CVE-ID: CVE-2025-71188)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lpc18xx_dmamux_reserve() function in drivers/dma/lpc18xx-dmamux.c. A local user can perform a denial of service (DoS) attack.
27) Memory leak (CVE-ID: CVE-2025-71189)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rzn1_dmamux_route_allocate() function in drivers/dma/dw/rzn1-dmamux.c. A local user can perform a denial of service (DoS) attack.
28) Memory leak (CVE-ID: CVE-2025-71190)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sba_probe() and sba_remove() functions in drivers/dma/bcm-sba-raid.c. A local user can perform a denial of service (DoS) attack.
29) Memory leak (CVE-ID: CVE-2025-71191)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atc_alloc_chan_resources() and atc_free_chan_resources() functions in drivers/dma/at_hdmac.c. A local user can perform a denial of service (DoS) attack.
30) Double free (CVE-ID: CVE-2025-71192)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ac97_adapter_release(), ac97_add_adapter() and snd_ac97_controller_register() functions in sound/ac97/bus.c. A local user can perform a denial of service (DoS) attack.
31) Improper locking (CVE-ID: CVE-2025-71194)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the is_transaction_blocked(), start_transaction() and btrfs_wait_for_commit() functions in fs/btrfs/transaction.c. A local user can perform a denial of service (DoS) attack.
32) Resource management error (CVE-ID: CVE-2025-71195)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the function in drivers/dma/xilinx/xdma.c. A local user can perform a denial of service (DoS) attack.
33) Out-of-bounds read (CVE-ID: CVE-2025-71196)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the stm32_usbphyc_probe() function in drivers/phy/st/phy-stm32-usbphyc.c. A local user can perform a denial of service (DoS) attack.
34) Off-by-one (CVE-ID: CVE-2025-71197)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the alarms_store() function in drivers/w1/slaves/w1_therm.c. A local user can perform a denial of service (DoS) attack.
35) NULL pointer dereference (CVE-ID: CVE-2025-71198)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the function in drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_core.c. A local user can perform a denial of service (DoS) attack.
36) Use-after-free (CVE-ID: CVE-2025-71199)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the at91_adc_remove() function in drivers/iio/adc/at91-sama5d2_adc.c. A local user can escalate privileges on the system.
37) Improper locking (CVE-ID: CVE-2025-71200)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dwcmshc_rk3568_set_clock() function in drivers/mmc/host/sdhci-of-dwcmshc.c. A local user can perform a denial of service (DoS) attack.
38) Input validation error (CVE-ID: CVE-2025-71222)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the wl1271_tx_allocate() function in drivers/net/wireless/ti/wlcore/tx.c. A local user can perform a denial of service (DoS) attack.
39) Resource management error (CVE-ID: CVE-2025-71224)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ieee80211_ocb_rx_no_sta() function in net/mac80211/ocb.c. A local user can perform a denial of service (DoS) attack.
40) Use-after-free (CVE-ID: CVE-2025-71225)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the raid_disks_store() function in drivers/md/md.c. A local user can escalate privileges on the system.
41) Resource management error (CVE-ID: CVE-2025-71229)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the rtw_core_enable_beacon() function in drivers/net/wireless/realtek/rtw88/main.c. A local user can perform a denial of service (DoS) attack.
42) Out-of-bounds read (CVE-ID: CVE-2025-71231)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the function in drivers/crypto/intel/iaa/iaa_crypto_main.c. A local user can perform a denial of service (DoS) attack.
43) Improper locking (CVE-ID: CVE-2025-71232)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qla_fab_async_scan() function in drivers/scsi/qla2xxx/qla_gs.c. A local user can perform a denial of service (DoS) attack.
44) Out-of-bounds read (CVE-ID: CVE-2025-71234)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtl8xxxu_probe() function in drivers/net/wireless/realtek/rtl8xxxu/core.c. A local user can perform a denial of service (DoS) attack.
45) Use-after-free (CVE-ID: CVE-2025-71235)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qla2x00_wait_for_hba_ready() function in drivers/scsi/qla2xxx/qla_os.c. A local user can escalate privileges on the system.
46) Use-after-free (CVE-ID: CVE-2025-71236)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qla_fab_async_scan() function in drivers/scsi/qla2xxx/qla_gs.c. A local user can escalate privileges on the system.
47) Memory leak (CVE-ID: CVE-2026-22979)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the skb_segment_list() function in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.
48) NULL pointer dereference (CVE-ID: CVE-2026-22982)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ocelot_set_aggr_pgids() function in drivers/net/ethernet/mscc/ocelot.c. A local user can perform a denial of service (DoS) attack.
49) Input validation error (CVE-ID: CVE-2026-22989)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/nfsd/state.h. A local user can perform a denial of service (DoS) attack.
50) NULL pointer dereference (CVE-ID: CVE-2026-22998)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_handle_h2c_data_pdu() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
51) Use of uninitialized resource (CVE-ID: CVE-2026-23003)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __ip6_tnl_rcv() function in net/ipv6/ip6_tunnel.c. A local user can perform a denial of service (DoS) attack.
52) Use-after-free (CVE-ID: CVE-2026-23004)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rt6_uncached_list_add() function in net/ipv6/route.c. A local user can escalate privileges on the system.
53) Use-after-free (CVE-ID: CVE-2026-23010)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the inet6_addr_del() function in net/ipv6/addrconf.c. A local user can escalate privileges on the system.
54) NULL pointer dereference (CVE-ID: CVE-2026-23017)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the idpf_init_task() and idpf_init_hard_reset() functions in drivers/net/ethernet/intel/idpf/idpf_lib.c. A local user can perform a denial of service (DoS) attack.
55) Memory leak (CVE-ID: CVE-2026-23021)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the update_eth_regs_async() function in drivers/net/usb/pegasus.c. A local user can perform a denial of service (DoS) attack.
56) Memory leak (CVE-ID: CVE-2026-23023)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the idpf_vport_rel() function in drivers/net/ethernet/intel/idpf/idpf_lib.c. A local user can perform a denial of service (DoS) attack.
57) Memory leak (CVE-ID: CVE-2026-23026)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the function in drivers/dma/qcom/gpi.c. A local user can perform a denial of service (DoS) attack.
58) Memory leak (CVE-ID: CVE-2026-23033)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the omap_dma_probe() function in drivers/dma/ti/omap-dma.c. A local user can perform a denial of service (DoS) attack.
59) NULL pointer dereference (CVE-ID: CVE-2026-23035)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_vport_vf_rep_load() and mlx5e_vport_rep_unload() functions in drivers/net/ethernet/mellanox/mlx5/core/en_rep.c. A local user can perform a denial of service (DoS) attack.
60) Memory leak (CVE-ID: CVE-2026-23037)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the es58x_alloc_rx_urbs() function in drivers/net/can/usb/etas_es58x/es58x_core.c. A local user can perform a denial of service (DoS) attack.
61) Memory leak (CVE-ID: CVE-2026-23038)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfs4_ff_alloc_deviceid_node() function in fs/nfs/flexfilelayout/flexfilelayoutdev.c. A local user can perform a denial of service (DoS) attack.
62) Resource management error (CVE-ID: CVE-2026-23049)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the function in drivers/gpu/drm/panel/panel-simple.c. A local user can perform a denial of service (DoS) attack.
63) Improper locking (CVE-ID: CVE-2026-23053)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the include/linux/nfs_fs.h. A local user can perform a denial of service (DoS) attack.
64) Buffer overflow (CVE-ID: CVE-2026-23054)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the netvsc_set_rxfh() function in drivers/net/hyperv/netvsc_drv.c. A local user can perform a denial of service (DoS) attack.
65) Improper error handling (CVE-ID: CVE-2026-23056)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the uacce_vma_close() function in drivers/misc/uacce/uacce.c. A local user can perform a denial of service (DoS) attack.
66) Use of uninitialized resource (CVE-ID: CVE-2026-23057)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the virtio_transport_recv_enqueue() function in net/vmw_vsock/virtio_transport_common.c. A local user can perform a denial of service (DoS) attack.
67) Memory leak (CVE-ID: CVE-2026-23058)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ems_usb_read_bulk_callback() function in drivers/net/can/usb/ems_usb.c. A local user can perform a denial of service (DoS) attack.
68) NULL pointer dereference (CVE-ID: CVE-2026-23060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the crypto_authenc_esn_encrypt() and crypto_authenc_esn_decrypt() functions in crypto/authencesn.c. A local user can perform a denial of service (DoS) attack.
69) Memory leak (CVE-ID: CVE-2026-23061)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kvaser_usb_read_bulk_callback() function in drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c. A local user can perform a denial of service (DoS) attack.
70) NULL pointer dereference (CVE-ID: CVE-2026-23062)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/platform/x86/hp/hp-bioscfg/bioscfg.h. A local user can perform a denial of service (DoS) attack.
71) NULL pointer dereference (CVE-ID: CVE-2026-23063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the uacce_start_queue() and uacce_fops_unl_ioctl() functions in drivers/misc/uacce/uacce.c. A local user can perform a denial of service (DoS) attack.
72) NULL pointer dereference (CVE-ID: CVE-2026-23064)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tcf_ife_encode() function in net/sched/act_ife.c. A local user can perform a denial of service (DoS) attack.
73) Memory leak (CVE-ID: CVE-2026-23065)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the wbrf_record() function in drivers/platform/x86/amd/wbrf.c. A local user can perform a denial of service (DoS) attack.
74) Double free (CVE-ID: CVE-2026-23068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the sprd_adi_probe() function in drivers/spi/spi-sprd-adi.c. A local user can perform a denial of service (DoS) attack.
75) Integer underflow (CVE-ID: CVE-2026-23069)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the virtio_transport_get_credit(), virtio_transport_seqpacket_has_data(), virtio_transport_stream_has_space() and virtio_transport_space_update() functions in net/vmw_vsock/virtio_transport_common.c. A local user can execute arbitrary code.
76) Resource management error (CVE-ID: CVE-2026-23070)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the rvu_sdp_init() function in drivers/net/ethernet/marvell/octeontx2/af/rvu_sdp.c. A local user can perform a denial of service (DoS) attack.
77) Improper locking (CVE-ID: CVE-2026-23071)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the regmap_lock_hwlock_irq() function in drivers/base/regmap/regmap.c. A local user can perform a denial of service (DoS) attack.
78) Buffer overflow (CVE-ID: CVE-2026-23073)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the rsi_mac80211_attach() function in drivers/net/wireless/rsi/rsi_91x_mac80211.c. A local user can escalate privileges on the system.
79) Use-after-free (CVE-ID: CVE-2026-23074)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the teql_qdisc_init() function in net/sched/sch_teql.c. A local user can escalate privileges on the system.
80) Out-of-bounds read (CVE-ID: CVE-2026-23076)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amixer_rsc_init() and sum_rsc_init() functions in sound/pci/ctxfi/ctamixer.c. A local user can perform a denial of service (DoS) attack.
81) Buffer overflow (CVE-ID: CVE-2026-23078)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the scarlett2_usb_get_config() function in sound/usb/mixer_scarlett2.c. A local user can escalate privileges on the system.
82) Memory leak (CVE-ID: CVE-2026-23080)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mcba_usb_read_bulk_callback() function in drivers/net/can/usb/mcba_usb.c. A local user can perform a denial of service (DoS) attack.
83) Memory leak (CVE-ID: CVE-2026-23082)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gs_usb_receive_bulk_callback() function in drivers/net/can/usb/gs_usb.c. A local user can perform a denial of service (DoS) attack.
84) Input validation error (CVE-ID: CVE-2026-23083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the function in net/ipv4/fou_nl.c. A local user can perform a denial of service (DoS) attack.
85) NULL pointer dereference (CVE-ID: CVE-2026-23084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the be_cmd_get_perm_mac() function in drivers/net/ethernet/emulex/benet/be_cmds.c. A local user can perform a denial of service (DoS) attack.
86) Resource management error (CVE-ID: CVE-2026-23085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the its_build_mapd_cmd(), its_build_vmapp_cmd() and its_setup_baser() functions in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.
87) Use-after-free (CVE-ID: CVE-2026-23086)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the virtio_transport_seqpacket_dequeue(), virtio_transport_seqpacket_enqueue() and virtio_transport_has_space() functions in net/vmw_vsock/virtio_transport_common.c. A local user can escalate privileges on the system.
88) Resource management error (CVE-ID: CVE-2026-23088)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the synth_event_define_fields() function in kernel/trace/trace_events_synth.c. A local user can perform a denial of service (DoS) attack.
89) Use-after-free (CVE-ID: CVE-2026-23089)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the parse_audio_unit() function in sound/usb/mixer.c. A local user can escalate privileges on the system.
90) Memory leak (CVE-ID: CVE-2026-23090)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the slim_get_device() and slim_device_report_present() functions in drivers/slimbus/core.c. A local user can perform a denial of service (DoS) attack.
91) Memory leak (CVE-ID: CVE-2026-23091)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the intel_th_output_open() function in drivers/hwtracing/intel_th/core.c. A local user can perform a denial of service (DoS) attack.
92) Input validation error (CVE-ID: CVE-2026-23094)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the isolate_strategy_show() and isolate_strategy_store() functions in drivers/misc/uacce/uacce.c. A local user can perform a denial of service (DoS) attack.
93) Memory leak (CVE-ID: CVE-2026-23095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gue_udp_recv() function in net/ipv4/fou_core.c. A local user can perform a denial of service (DoS) attack.
94) Improper resource shutdown or release (CVE-ID: CVE-2026-23096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the EXPORT_SYMBOL_GPL() and uacce_register() functions in drivers/misc/uacce/uacce.c. A local user can perform a denial of service (DoS) attack.
95) Out-of-bounds read (CVE-ID: CVE-2026-23099)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bond_enslave() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
96) Use of uninitialized resource (CVE-ID: CVE-2026-23101)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the led_classdev_register_ext() function in drivers/leds/led-class.c. A local user can perform a denial of service (DoS) attack.
97) Out-of-bounds read (CVE-ID: CVE-2026-23102)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the restore_sve_fpsimd_context() function in arch/arm64/kernel/signal.c. A local user can perform a denial of service (DoS) attack.
98) Use-after-free (CVE-ID: CVE-2026-23104)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ice_deinit_features() and ice_remove() functions in drivers/net/ethernet/intel/ice/ice_main.c. A local user can escalate privileges on the system.
99) Input validation error (CVE-ID: CVE-2026-23105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qfq_rm_from_agg() function in net/sched/sch_qfq.c. A local user can perform a denial of service (DoS) attack.
100) NULL pointer dereference (CVE-ID: CVE-2026-23107)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the restore_za_context() function in arch/arm64/kernel/signal.c. A local user can perform a denial of service (DoS) attack.
101) Memory leak (CVE-ID: CVE-2026-23108)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the usb_8dev_read_bulk_callback() function in drivers/net/can/usb/usb_8dev.c. A local user can perform a denial of service (DoS) attack.
102) Race condition (CVE-ID: CVE-2026-23110)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the scsi_dec_host_busy() function in drivers/scsi/scsi_lib.c. A local user can escalate privileges on the system.
103) Use-after-free (CVE-ID: CVE-2026-23111)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nft_map_catchall_activate() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.
104) Input validation error (CVE-ID: CVE-2026-23112)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nvmet_tcp_free_cmd_buffers() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
105) Improper locking (CVE-ID: CVE-2026-23113)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_worker_handle_work() function in io_uring/io-wq.c. A local user can perform a denial of service (DoS) attack.
106) Input validation error (CVE-ID: CVE-2026-23116)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the imx8mq_vpu_power_notifier() function in drivers/pmdomain/imx/imx8m-blk-ctrl.c. A local user can perform a denial of service (DoS) attack.
107) Resource management error (CVE-ID: CVE-2026-23119)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bond_flow_dissect() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
108) Improper locking (CVE-ID: CVE-2026-23121)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mISDN_read(), mISDN_poll() and misdn_add_timer() functions in drivers/isdn/mISDN/timerdev.c. A local user can perform a denial of service (DoS) attack.
109) NULL pointer dereference (CVE-ID: CVE-2026-23125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sctp_sf_do_5_1C_ack() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.
110) Buffer overflow (CVE-ID: CVE-2026-23128)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the swsusp_arch_suspend() function in arch/arm64/kernel/hibernate.c. A local user can perform a denial of service (DoS) attack.
111) Resource management error (CVE-ID: CVE-2026-23129)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dpll_xa_ref_pin_add() and dpll_xa_ref_dpll_add() functions in drivers/dpll/dpll_core.c. A local user can perform a denial of service (DoS) attack.
112) Input validation error (CVE-ID: CVE-2026-23131)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hp_init_bios_buffer_attribute() function in drivers/platform/x86/hp/hp-bioscfg/bioscfg.c. A local user can perform a denial of service (DoS) attack.
113) Buffer overflow (CVE-ID: CVE-2026-23133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the _ath10k_ce_free_pipe() and _ath10k_ce_free_pipe_64() functions in drivers/net/wireless/ath/ath10k/ce.c. A local user can perform a denial of service (DoS) attack.
114) Buffer overflow (CVE-ID: CVE-2026-23135)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ath12k_ce_free_pipes() function in drivers/net/wireless/ath/ath12k/ce.c. A local user can perform a denial of service (DoS) attack.
115) Incorrect calculation (CVE-ID: CVE-2026-23139)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __nf_conncount_add() function in net/netfilter/nf_conncount.c. A local user can perform a denial of service (DoS) attack.
116) Input validation error (CVE-ID: CVE-2026-23141)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the range_is_hole_in_parent() function in fs/btrfs/send.c. A local user can perform a denial of service (DoS) attack.
117) Memory leak (CVE-ID: CVE-2026-23145)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ext4_xattr_inode_update_ref() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
118) NULL pointer dereference (CVE-ID: CVE-2026-23146)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hci_uart_register_dev() and hci_uart_set_proto() functions in drivers/bluetooth/hci_ldisc.c. A local user can perform a denial of service (DoS) attack.
119) Memory leak (CVE-ID: CVE-2026-23150)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfc_llcp_remove_local() function in net/nfc/llcp_core.c. A local user can perform a denial of service (DoS) attack.
120) Memory leak (CVE-ID: CVE-2026-23151)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the set_ssp_complete() and set_advertising_complete() functions in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
121) Input validation error (CVE-ID: CVE-2026-23152)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ieee80211_parse_adv_t2l() function in net/mac80211/mlme.c. A local user can perform a denial of service (DoS) attack.
122) Input validation error (CVE-ID: CVE-2026-23154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tcp6_gso_segment() function in net/ipv6/tcpv6_offload.c. A local user can perform a denial of service (DoS) attack.
123) NULL pointer dereference (CVE-ID: CVE-2026-23155)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gs_usb_receive_bulk_callback() function in drivers/net/can/usb/gs_usb.c. A local user can perform a denial of service (DoS) attack.
124) Use of uninitialized resource (CVE-ID: CVE-2026-23156)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the efivar_entry_get() function in fs/efivarfs/vars.c. A local user can perform a denial of service (DoS) attack.
125) Improper locking (CVE-ID: CVE-2026-23157)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fs/btrfs/extent_io.h. A local user can perform a denial of service (DoS) attack.
126) NULL pointer dereference (CVE-ID: CVE-2026-23163)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_gmc_filter_faults_remove() function in drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c. A local user can perform a denial of service (DoS) attack.
127) NULL pointer dereference (CVE-ID: CVE-2026-23166)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_vsi_set_napi_queues() function in drivers/net/ethernet/intel/ice/ice_lib.c. A local user can perform a denial of service (DoS) attack.
128) Memory leak (CVE-ID: CVE-2026-23167)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nci_unregister_device() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
129) Improper locking (CVE-ID: CVE-2026-23169)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __reset_counters() function in net/mptcp/pm_kernel.c. A local user can perform a denial of service (DoS) attack.
130) Memory leak (CVE-ID: CVE-2026-23170)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the imx_tve_probe() function in drivers/gpu/drm/imx/imx-tve.c. A local user can perform a denial of service (DoS) attack.
131) Use-after-free (CVE-ID: CVE-2026-23171)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bond_enslave() function in drivers/net/bonding/bond_main.c. A local user can escalate privileges on the system.
132) Memory leak (CVE-ID: CVE-2026-23172)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the t7xx_dpmaif_set_frag_to_skb() function in drivers/net/wwan/t7xx/t7xx_hif_dpmaif_rx.c. A local user can perform a denial of service (DoS) attack.
133) NULL pointer dereference (CVE-ID: CVE-2026-23173)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_tc_del_fdb_peer_flow() and mlx5e_tc_num_filters() functions in drivers/net/ethernet/mellanox/mlx5/core/en_tc.c. A local user can perform a denial of service (DoS) attack.
134) Memory leak (CVE-ID: CVE-2026-23176)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the toshiba_haps_add() function in drivers/platform/x86/toshiba_haps.c. A local user can perform a denial of service (DoS) attack.
135) Buffer overflow (CVE-ID: CVE-2026-23178)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the i2c_hid_get_report() function in drivers/hid/i2c-hid/i2c-hid-core.c. A local user can escalate privileges on the system.
136) Improper locking (CVE-ID: CVE-2026-23179)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvmet_tcp_listen_data_ready() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
137) Memory leak (CVE-ID: CVE-2026-23182)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tegra_slink_probe() function in drivers/spi/spi-tegra20-slink.c. A local user can perform a denial of service (DoS) attack.
138) Memory leak (CVE-ID: CVE-2026-23190)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the acp_pdm_dma_close() function in sound/soc/amd/renoir/acp3x-pdm-dma.c. A local user can perform a denial of service (DoS) attack.
139) Use-after-free (CVE-ID: CVE-2026-23191)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the is_access_interleaved() and loopback_check_format() functions in sound/drivers/aloop.c. A local user can escalate privileges on the system.
140) Memory leak (CVE-ID: CVE-2026-23198)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the irqfd_shutdown(), irqfd_wakeup() and kvm_irqfd_deassign() functions in virt/kvm/eventfd.c. A local user can perform a denial of service (DoS) attack.
141) Use-after-free (CVE-ID: CVE-2026-23202)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tegra_qspi_combined_seq_xfer() function in drivers/spi/spi-tegra210-quad.c. A local user can escalate privileges on the system.
142) Out-of-bounds read (CVE-ID: CVE-2026-23204)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the u32_classify() function in net/sched/cls_u32.c. A local user can perform a denial of service (DoS) attack.
143) NULL pointer dereference (CVE-ID: CVE-2026-23207)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the handle_cpu_based_xfer(), handle_dma_based_xfer() and tegra_qspi_isr_thread() functions in drivers/spi/spi-tegra210-quad.c. A local user can perform a denial of service (DoS) attack.
144) Out-of-bounds read (CVE-ID: CVE-2026-23208)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the prepare_playback_urb() function in sound/usb/pcm.c. A local user can perform a denial of service (DoS) attack.
145) Use-after-free (CVE-ID: CVE-2026-23209)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the macvlan_common_newlink() function in drivers/net/macvlan.c. A local user can escalate privileges on the system.
146) NULL pointer dereference (CVE-ID: CVE-2026-23210)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/ethernet/intel/ice/ice_ptp.h. A local user can perform a denial of service (DoS) attack.
147) Improper locking (CVE-ID: CVE-2026-23213)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smu_v14_0_2_mode1_reset() function in drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c. A local user can perform a denial of service (DoS) attack.
148) Resource management error (CVE-ID: CVE-2026-23214)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fs/btrfs/fs.h. A local user can perform a denial of service (DoS) attack.
149) Use-after-free (CVE-ID: CVE-2026-23221)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the driver_override_show() function in drivers/bus/fsl-mc/fsl-mc-bus.c. A local user can escalate privileges on the system.
150) Buffer overflow (CVE-ID: CVE-2026-23222)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the omap_crypto_copy_sg_lists() function in drivers/crypto/omap-crypto.c. A local user can escalate privileges on the system.
151) Improper locking (CVE-ID: CVE-2026-23229)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the virtcrypto_done_task() function in drivers/crypto/virtio/virtio_crypto_core.c. A local user can perform a denial of service (DoS) attack.
152) Improper Access Control (CVE-ID: CVE-2026-23268)
The vulnerability allows a local user to escalate privileges, modify AppArmor security policies, and cause a denial of service.
The vulnerability exists due to improper access control in the AppArmor policy management interface when handling file descriptor operations. A local user can open the apparmorfs interface and pass the file descriptor to a privileged process, tricking it into performing privileged policy management operations on behalf of the user.
The user must have access to a privileged process that can be manipulated to write to the AppArmor interface. Once exploited, the user can load, replace, or remove AppArmor profiles, leading to removal of confinement, denial of service by blocking application execution, bypassing user namespace restrictions, and potentially enabling local privilege escalation via kernel exploits.
153) Out-of-bounds read (CVE-ID: CVE-2026-23269)
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in the AppArmor subsystem's DFA state table validation when processing untrusted policy data. A local user can provide a specially crafted AppArmor policy with an out-of-bounds start state to trigger an out-of-bounds read during policy unpacking.
Exploitation requires the ability to load or modify AppArmor policies, which typically requires privileged access. The out-of-bounds read may expose contents of kernel memory.
Remediation
Install update from vendor's website.