On 9 February 2026 the Debian security team published advisory DSA-6126-1, a Linux kernel update that covers more than 170 vulnerabilities (CVEs) piled up across various subsystems. This isn’t one isolated flaw. It’s a roll-up of patches that Debian pulls from the upstream stable kernel branches and packages for its users, which is routine for distributions that maintain long-term support kernels.
What the advisory fixes
The bulletin gathers a very broad set of CVE identifiers. Among them are CVE-2024-58096 and CVE-2024-58097, plus plenty from 2025 (for example CVE-2025-22111 and CVE-2025-38234) and from 2026, up to CVE-2026-23110. Per Debian’s own description, the flaws fall into three main impact categories:
- Privilege escalation: a local attacker could elevate their permissions on the system.
- Denial of service: a flaw could cause the kernel to lock up or crash.
- Information leaks: exposure of kernel memory data to unprivileged processes.
Cramming this many CVEs into a single update says a lot about the steady stream of fixes the Linux kernel takes in, especially around device drivers, the network stack, file systems and virtualization subsystems.
Who is affected
The advisory targets the Debian stable distribution, codenamed Trixie, which runs the 6.12 kernel series. Any Debian stable system that hasn’t applied recent security updates is potentially exposed to one of the covered flaws. With so many subsystems involved, this hits desktops, servers and virtualized environments alike.
Severity
The advisory doesn’t assign a single global CVSS score, but the privilege escalation vulnerabilities alone make this an important update. Many of the kernel CVEs published in this period, such as those in the nf_tables family and other use-after-free bugs, have proven exploitable to gain root under specific conditions. As a precaution, treat a kernel update of this size as high priority.
Mitigation and patch
Debian’s official recommendation leaves no room for doubt: upgrade the kernel packages. The fix ships in version 6.12.69-1 for Trixie. The standard procedure:
sudo apt update
sudo apt full-upgradeOnce the new kernel is installed you have to reboot the system so the patched kernel takes effect, since without live patching tooling the fixes don’t apply hot. On critical servers, schedule that reboot so the downtime gets in the way as little as possible.
If you run Debian infrastructure, this advisory is the usual reminder: keep unattended-upgrades enabled and check the Debian security tracker now and then, since large kernel updates land regularly throughout the year. And to give local privilege escalation less room, harden your policies with SELinux and AppArmor.
Source
- Debian Security Advisory DSA-6126-1 (linux): https://lists.debian.org/debian-security-announce/2026/msg00035.html
- NVD — CVE-2024-58096: https://nvd.nist.gov/vuln/detail/CVE-2024-58096