CVE-2026-43441 net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled

In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix ndtbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init exits before ndiscinit is called which initializes it. If bonding...

CVE-2026-43441

In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix ndtbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init exits before ndiscinit is called which initializes it. If bonding...

CVE-2026-43431

In the Linux kernel xHCI host controller driver, CVE-2026-43431 stems from a NULL pointer dereference when reading portli debugfs files. The bug occurs if xhci->max_ports counts more port registers than the number reported by Supported Protocol capabilities, which can happen when max_ports exc...

CVE-2026-43431 xhci: Fix NULL pointer dereference when reading portli debugfs files

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files Michal reported and debgged a NULL pointer dereference bug in the recently added portli debugfs files Oops is caused when there are more port registers counted ...

CVE-2026-43431

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files Michal reported and debgged a NULL pointer dereference bug in the recently added portli debugfs files Oops is caused when there are more port registers counted ...

CVE-2026-43431

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files Michal reported and debgged a NULL pointer dereference bug in the recently added portli debugfs files Oops is caused when there are more port registers counted ...

CVE-2026-43424

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ftcm: Fix NULL pointer dereferences in nexus handling The tpg-tpgnexus pointer in the USB Target driver is dynamically managed and tied to userspace configuration via ConfigFS. It can be NULL if the USB host sends...

CVE-2026-43424 usb: gadget: f_tcm: Fix NULL pointer dereferences in nexus handling

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ftcm: Fix NULL pointer dereferences in nexus handling The tpg-tpgnexus pointer in the USB Target driver is dynamically managed and tied to userspace configuration via ConfigFS. It can be NULL if the USB host sends...

CVE-2026-43424

The CVE concerns the Linux kernel USB gadget f_tcm nexus handling. The tpg->tpg_nexus pointer used by the BOT command/data paths can be NULL during race windows (before nexus is established or after it’s dropped). Dereferencing tv_nexus->tvn_se_sess without a NULL check leads to a kernel pa...

CVE-2026-43422

The CVE-2026-43422 entry concerns the Linux kernel USB legacy NCM driver. The vulnerability stems from deferred net_device allocation in gncm_bind, where a NULL pointer dereference could occur when accessing the net_device before it is fully instantiated. The fix, described in the connected repor...

CVE-2026-43422

In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fix NPE in gncmbind Commit 56a512a9b410 "usb: gadget: fncm: align netdevice lifecycle with bind/unbind" deferred the allocation of the netdevice. This change leads to a NULL pointer dereference in the legacy NCM...

CVE-2026-43422

...

CVE-2026-43422

Removed by vendor...

CVE-2026-43421

The CVE affects the Linux kernel USB gadget for Network Control Model (NCM) where a net_device could outlive its parent gadget during disconnection, causing dangling sysfs links and potential null dereference. The root cause was lifecycle mismanagement of net_device during USB bind/unbind, addres...

CVE-2026-43413

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Fix NULL pointer exception during userscan userscan invokes updated sasuserscan for channel 0, and if successful, iteratively scans remaining channels 1 to shost-maxchannel via scsiscanhostselected in commit...

CVE-2026-43413

The CVE-2026-43413 entry concerns the Linux kernel HISI_SAS SCSI driver where user_scan() can trigger a NULL pointer dereference when scanning an unsupported channel (multi-channel scan path triggers for channel 1 even though hisi_sas supports only one channel). The exploit path is a NULL derefer...

CVE-2026-43413 scsi: hisi_sas: Fix NULL pointer exception during user_scan()

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Fix NULL pointer exception during userscan userscan invokes updated sasuserscan for channel 0, and if successful, iteratively scans remaining channels 1 to shost-maxchannel via scsiscanhostselected in commit...

CVE-2026-43410

Summary: CVE-2026-43410 affects the Linux kernel firmware driver for Stratix 10 RSU. When RSU is not enabled in the FSBL, the driver can NULL-dereference via svc_normal_to_secure_thread(), causing a kernel panic. The root cause is rsu_send_async_msg() freeing the channel on failure, while the pro...

CVE-2026-43410 firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled When the Remote System Update RSU isn't enabled in the First Stage Boot Loader FSBL, the driver encounters a NULL pointer dereference when excute...

CVE-2026-43410

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled When the Remote System Update RSU isn't enabled in the First Stage Boot Loader FSBL, the driver encounters a NULL pointer dereference when excute...