UBUNTU-CVE-2026-43207

In the Linux kernel, the following vulnerability has been resolved: media: mtk-mdp: Fix error handling in probe function Add mtkmdpunregisterm2mdevice on the error handling path to prevent resource leak. Add check for the return value of vpugetplatdevice to prevent null pointer dereference. And...

UBUNTU-CVE-2025-71271

In the Linux kernel, the following vulnerability has been resolved: hfsplus: ensure sb-sfsinfo is always cleaned up When hfsplus was converted to the new mount api a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been...

UBUNTU-CVE-2025-71292

In the Linux kernel, the following vulnerability has been resolved: jfs: nlink overflow in jfsrename If nlink is maximal for a directory -1 and inside that directory you perform a rename for some child directory not moving from the parent, then the nlink of the first directory is first incremente...

UBUNTU-CVE-2026-43266

In the Linux kernel, the following vulnerability has been resolved: EFI/CPER: don't go past the ARM processor CPER record buffer There's a logic inside GHES/CPER to detect if the sectionlength is too small, but it doesn't detect if it is too big. Currently, if the firmware receives an ARM process...

UBUNTU-CVE-2026-43226

In the Linux kernel, the following vulnerability has been resolved: net/rds: No shortcut out of RDSCONNERROR RDS connections carry a state "rdsconnpath::cpstate" and transitions from one state to another and are conditional upon an expected state: "rdsconnpathtransition." There is one exception t...

UBUNTU-CVE-2026-43164

In the Linux kernel, the following vulnerability has been resolved: udplite: Fix null-ptr-deref in udpenqueuescheduleskb. syzbot reported null-ptr-deref of udpsksk-udpprodqueue. 0 Since the cited commit, udplibinitsock can fail, as can udpinitsock and udpv6initsock. Let's handle the error in...

UBUNTU-CVE-2025-71289

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle attrsetsize errors when truncating files If attrsetsize fails while truncating down, the error is silently ignored and the inode may be left in an inconsistent state...

UBUNTU-CVE-2025-71285

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Drop the MHI autoqueue feature for IPCR DL channels MHI stack offers the 'autoqueue' feature, which allows the MHI stack to auto queue the buffers for the RX path DL channel. Though this feature simplifies the client...

UBUNTU-CVE-2026-43140

In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: Do not crash on missing msc-input Fake USB devices can send their own report descriptors for which the inputmapping hook does not get called. In this case, msc-input stays NULL, leading to a crash at a later time...

UBUNTU-CVE-2026-43212

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Make cpumaskofnode robust against NUMANONODE The arch definition of cpumaskofnode cannot handle NUMANONODE - which is a valid index - so add a check for this...

UBUNTU-CVE-2026-43126

In the Linux kernel, the following vulnerability has been resolved: ALSA: mixer: oss: Add card disconnect checkpoints ALSA OSS mixer layer calls the kcontrol ops rather individually, and pending calls might be not always caught at disconnecting the device. For avoiding the potential UAF scenarios...

UBUNTU-CVE-2026-43223

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix URB leak in pvr2sendrequestex When pvr2sendrequestex submits a write URB successfully but fails to submit the read URB e.g. returns -ENOMEM, it returns immediately without waiting for the write URB to complete...

UBUNTU-CVE-2026-43270

In the Linux kernel, the following vulnerability has been resolved: media: mtk-mdp: Fix a reference leak bug in mtkmdpremove In mtkmdpprobe, vpugetplatdevice increases the reference count of the returned platform device. Add platformdeviceput to prevent reference leak...

UBUNTU-CVE-2026-43242

In the Linux kernel, the following vulnerability has been resolved: soc: ti: k3-socinfo: Fix regmap leak on probe failure The mmio regmap allocated during probe is never freed. Switch to using the device managed allocator so that the regmap is released on probe failures e.g. probe deferral and on...

UBUNTU-CVE-2025-71295

In the Linux kernel, the following vulnerability has been resolved: fs/buffer: add alert in trytofreebuffers for folios without buffers trytofreebuffers can be called on folios with no buffers attached when filemapreleasefolio is invoked on a folio belonging to a mapping with ASRELEASEALWAYS set...

UBUNTU-CVE-2026-43208

In the Linux kernel, the following vulnerability has been resolved: net: do not pass flowid to setrpscpu Blamed commit made the assumption that the RPS table for each receive queue would have the same size, and that it would not change. Compute flowid in setrpscpu, do not assume we can use the...

UBUNTU-CVE-2026-43267

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix potential zero beacon interval in beacon tracking During fuzz testing, it was discovered that bssconf-beaconint might be zero, which could result in a division by zero error in subsequent calculations. Set a...

UBUNTU-CVE-2026-43143

In the Linux kernel, the following vulnerability has been resolved: mfd: core: Add locking around 'mfdofnodelist' Manipulating a list in the kernel isn't safe without some sort of mutual exclusion. Add a mutex any time we access / modify 'mfdofnodelist' to prevent possible crashes...

UBUNTU-CVE-2026-43214

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Add SRCU protection for reading PDPTRs in getsregs2 Add SRCU read-side protection when reading PDPTR registers in getsregs2. Reading PDPTRs may trigger access to guest memory: kvmpdptrread - svmcachereg - loadpdptrs -...

UBUNTU-CVE-2026-43202

In the Linux kernel, the following vulnerability has been resolved: fbdev: vt8500lcdfb: fix missing dmafreecoherent fbi-fb.screenbuffer is allocated with dmaalloccoherent but is not freed if the error path is reached...