CVE-2026-43250

A flaw was found in the Linux kernel's ChipIdea USB Device Controller UDC driver. A local user with a malicious USB device, or a malicious USB device itself, could exploit this by reconnecting the device during an active data transfer. This improper cleanup of Direct Memory Access DMA buffers can...

kernel: Linux kernel: Denial of service and memory corruption in RDMA umad

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA umad User Mode Access Device component. A local user can exploit this vulnerability by manipulating input, causing an integer underflow that leads to an out-of-bounds memory write. This memory corruption can result in a denia...

CVE-2026-43146

A flaw was found in the Linux kernel's iris media driver. When creating internal buffers, a buffer was added to a list before its Direct Memory Access DMA allocation was successfully completed. If the DMA allocation failed, a partially initialized buffer remained in the list. This could lead to a...

CVE-2025-71294

A flaw was found in the Linux kernel's drm/amdgpu component. When the SDMA System Direct Memory Access block is not enabled, the bufferfuncs are not properly initialized. This can lead to a NULL pointer dereference, potentially causing a system crash and a denial of service...

kernel: Linux kernel: Denial of service and memory corruption in RDMA umad

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA umad User Mode Access Device component. A local user can exploit this vulnerability by manipulating input, causing an integer underflow that leads to an out-of-bounds memory write. This memory corruption can result in a denia...

EUVD-2026-27678

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ecbhf: Fix dmafreecoherent dma handle dmafreecoherent in error path takes priv-rxbuf.alloclen as the dma handle. This would lead to improper unmapping of the buffer. Change the dma handle to priv-rxbuf.allocphys...

EUVD-2026-27813

In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: fix DMA and SG cleanup in epnuke The ChipIdea UDC driver can encounter "not page aligned sg buffer" errors when a USB device is reconnected after being disconnected during an active transfer. This occurs becau...

EUVD-2026-27708

In the Linux kernel, the following vulnerability has been resolved: media: iris: Add buffer to list only after successful allocation Move listaddtail to after dmaallocattrs succeeds when creating internal buffers. Previously, the buffer was enqueued in buffers-list before the DMA allocation. If t...

EUVD-2025-209682

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix NULL pointer issue buffer funcs If SDMA block not enabled, bufferfuncs will not initialize, fix the null pointer issue if bufferfuncs not initialized...

EUVD-2026-27691

In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix double dmabufunpin in failure path In ibumemdmabufgetpinnedwithdmadevice, the call to ibumemdmabufmappages can fail. If this occurs, the dmabuf is immediately unpinned but the umemdmabuf-pinned flag is still set...

CVE-2026-43283

The CVE-2026-43283 issue is in the Linux kernel's ec_bhf Ethernet driver where error-path handling used priv->rx_buf.alloc_len as the DMA handle in dma_free_coherent(), risking improper unmapping and potential memory corruption or DoS. The fix changes the DMA handle to priv->rx_buf.alloc_ph...

CVE-2026-43283 net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ecbhf: Fix dmafreecoherent dma handle dmafreecoherent in error path takes priv-rxbuf.alloclen as the dma handle. This would lead to improper unmapping of the buffer. Change the dma handle to priv-rxbuf.allocphys...

CVE-2026-43257 media: cx88: Add missing unmap in snd_cx88_hw_params()

In the Linux kernel, the following vulnerability has been resolved: media: cx88: Add missing unmap in sndcx88hwparams In error path, add cx88alsadmaunmap to release resource acquired by cx88alsadmamap...

CVE-2026-43250

CVE-2026-43250 affects the Linux kernel ChipIdea USB Device Controller (UDC) driver. The vulnerability arises when a USB device is reconnected during an active transfer, because _ep_nuke() returns requests without unmapping DMA buffers or cleaning bounce buffers, leaving stale DMA state (num_mapp...

CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()

In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: fix DMA and SG cleanup in epnuke The ChipIdea UDC driver can encounter "not page aligned sg buffer" errors when a USB device is reconnected after being disconnected during an active transfer. This occurs becau...

CVE-2026-43250

In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: fix DMA and SG cleanup in epnuke The ChipIdea UDC driver can encounter "not page aligned sg buffer" errors when a USB device is reconnected after being disconnected during an active transfer. This occurs becau...

CVE-2026-43224

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix sgtable leak on mapping failures In an unlikely case when iopopulateareadma fails, which could only happen on a PAGEPOOL32BITARCHWITH64BITDMA machine, iozcrxmaparea will have an initialised and not freed table. ...

CVE-2026-43149 net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in uhdlc_memclean()

In the Linux kernel, the following vulnerability has been resolved: net: wan/fslucchdlc: Fix dmafreecoherent in uhdlcmemclean The priv-rxbuffer and priv-txbuffer are alloc'd together as contiguous buffers in uhdlcinit but freed as two buffers in uhdlcmemclean. Change the cleanup to only call...

CVE-2026-43149

In the Linux kernel, the following vulnerability has been resolved: net: wan/fslucchdlc: Fix dmafreecoherent in uhdlcmemclean The priv-rxbuffer and priv-txbuffer are alloc'd together as contiguous buffers in uhdlcinit but freed as two buffers in uhdlcmemclean. Change the cleanup to only call...

CVE-2026-43146

CVE-2026-43146 relates to the Linux kernel iris media driver. The root cause was that internal buffers were enqueued in buffers->list before a DMA allocation completed. If dma_alloc_attrs() failed with -ENOMEM, a partially initialized buffer remained in the list, risking inconsistent state and...