CVE-2025-71293

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/ras: Move ras data alloc before bad page check In the rare event if eeprom has only invalid address entries, allocation is skipped, this causes following NULL pointer issue 547.103445 BUG: kernel NULL pointer...

CVE-2025-71286

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls The size of the data behind of scontrol-ipccontroldata for bytes controls is: 1 sizeofstruct sofipc4controldata + // kernel only struct 2 sizeofstruct...

CVE-2025-71293

CVE-2025-71293 concerns the Linux kernel amdgpu ras issue where, if eeprom contained only invalid addresses, allocation could be skipped and lead to a NULL pointer dereference when reading bad pages. The fix moves the ras data allocation before the bad-page check, resolving a NULL pointer derefer...

CVE-2025-71293 drm/amdgpu/ras: Move ras data alloc before bad page check

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/ras: Move ras data alloc before bad page check In the rare event if eeprom has only invalid address entries, allocation is skipped, this causes following NULL pointer issue 547.103445 BUG: kernel NULL pointer...

CVE-2025-71293

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/ras: Move ras data alloc before bad page check In the rare event if eeprom has only invalid address entries, allocation is skipped, this causes following NULL pointer issue 547.103445 BUG: kernel NULL pointer...

CVE-2025-71286

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls The size of the data behind of scontrol-ipccontroldata for bytes controls is: 1 sizeofstruct sofipc4controldata + // kernel only struct 2 sizeofstruct...

CVE-2025-71286

The CVE-2025-71286 issue concerns the Linux kernel’s ALSA SOF ipc4-topology component, where memory allocation for bytes controls was miscalculated. This could allow local memory corruption due to under-allocating space behind scontrol->ipc_control_data; fixes request allocating additional mem...

CVE-2025-71286 ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls The size of the data behind of scontrol-ipccontroldata for bytes controls is: 1 sizeofstruct sofipc4controldata + // kernel only struct 2 sizeofstruct...

CVE-2026-43277 APEI/GHES: ensure that won't go past CPER allocated record

In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ensure that won't go past CPER allocated record The logic at ghesnew prevents allocating too large records, by checking if they're bigger than GHESESTATUSMAXSIZE currently, 64KB. Yet, the allocation is done with the...

CVE-2026-43277

The CVE-2026-43277 issue affects the Linux kernel GHES/APEI path. The root cause is a mismatch between CPER-record length and the actual number of pages allocated when ghes_new() validates CPER data, enabling a bad firmware to cause an out-of-bounds write and a kernel OOPs/panic. Public descripti...

CVE-2026-43277

In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ensure that won't go past CPER allocated record The logic at ghesnew prevents allocating too large records, by checking if they're bigger than GHESESTATUSMAXSIZE currently, 64KB. Yet, the allocation is done with the...

CVE-2026-43245 ntfs: ->d_compare() must not block

In the Linux kernel, the following vulnerability has been resolved: ntfs: -dcompare must not block ... so don't use getname there. Switch it and ntfsdhash, while we are at it to kmallocPATHMAX, GFPNOWAIT. Yes, ntfsdhash almost certainly can do with smaller allocations, but let ntfs folks deal wit...

CVE-2026-43235

In the Linux kernel, the following vulnerability has been resolved: media: iris: Add missing platform data entries for SM8750 Two platform-data fields for SM8750 were missed: - getvpubuffersize = irisvpu33bufsize Without this, the driver fails to allocate the required internal buffers, leading to...

CVE-2026-43222

In the Linux kernel, the media: verisilicon: AV1 driver patch fixes a buffer-size miscalculation for tile information. The tile info structure (row_sb, col_sb, start_pos, end_pos) requires AV1_MAX_TILES × 16 bytes; using the incorrect define caused writes to non-allocated memory, risking memory c...

CVE-2026-43222 media: verisilicon: AV1: Fix tile info buffer size

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: AV1: Fix tile info buffer size Each tile info is composed of: rowsb, colsb, startpos and endpos 4 bytes each. So the total required memory is AV1MAXTILES 16 bytes. Use the correct define to allocate the buffer...

CVE-2026-43220

The CVE-2026-43220 entry concerns the Linux kernel iommu/amd component. The issue arises under concurrent TLB invalidations when CMD_COMPL_WAIT sequencing can be broken because cmd_sem_val was incremented outside the IOMMU spinlock, causing out-of-sequence command queuing and a disrupted completi...

CVE-2026-43220

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: serialize sequence allocation under concurrent TLB invalidations With concurrent TLB invalidations, completion wait randomly gets timed out because cmdsemval was incremented outside the IOMMU spinlock, allowing...

CVE-2026-43220

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: serialize sequence allocation under concurrent TLB invalidations With concurrent TLB invalidations, completion wait randomly gets timed out because cmdsemval was incremented outside the IOMMU spinlock, allowing...

CVE-2026-43218

CVE-2026-43218 affects the Linux kernel driver for tw9903 (media: i2c/tw9903) where, in an error path of tw9903_probe(), memory allocated for V4L2 control processing (v4l2_ctrl_handler_init() and v4l2_ctrl_new_std()) is not freed. The fix adds a call to v4l2_ctrl_handler_free() on the handler in ...

CVE-2026-43202 fbdev: vt8500lcdfb: fix missing dma_free_coherent()

In the Linux kernel, the following vulnerability has been resolved: fbdev: vt8500lcdfb: fix missing dmafreecoherent fbi-fb.screenbuffer is allocated with dmaalloccoherent but is not freed if the error path is reached...