CVE-2026-43271 md-cluster: fix NULL pointer dereference in process_metadata_update

In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in processmetadataupdate The function processmetadataupdate blindly dereferences the 'thread' pointer acquired via rcudereferenceprotected within the waitevent macro. While the code commen...

CVE-2026-43271

CVE-2026-43271 involves the Linux kernel md-cluster module where a race during MD array startup can cause a NULL pointer dereference in process_metadata_update when a METADATA_UPDATED message arrives before mddev->thread is initialized. The root cause is the code path that dereferences the thr...

CVE-2026-43271

In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in processmetadataupdate The function processmetadataupdate blindly dereferences the 'thread' pointer acquired via rcudereferenceprotected within the waitevent macro. While the code commen...

CVE-2026-43213 wifi: rtw89: pci: validate sequence number of TX release report

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: validate sequence number of TX release report Hardware rarely reports abnormal sequence number in TX release report, which will access out-of-bounds of wdring-pages array, causing NULL pointer dereference. BUG:...

CVE-2026-43213

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: validate sequence number of TX release report Hardware rarely reports abnormal sequence number in TX release report, which will access out-of-bounds of wdring-pages array, causing NULL pointer dereference. BUG:...

CVE-2026-43213

The CVE-2026-43213 issue centers on the Linux kernel WiFi driver rtw89_pci, where an abnormal TX release report sequence number can cause an out-of-bounds access to wd_ring->pages, leading to a NULL pointer dereference and kernel crash (DoS). Public reports confirm this affects the rtw89_pci c...

CVE-2026-43207

The vulnerability CVE-2026-43207 affects the Linux kernel mtk-mdp media driver. Root cause: improper error handling in the probe function can cause resource leaks; a missing check for vpu_get_plat_device() may dereference a NULL and the function increases the platform device reference count, risk...

CVE-2026-43207 media: mtk-mdp: Fix error handling in probe function

In the Linux kernel, the following vulnerability has been resolved: media: mtk-mdp: Fix error handling in probe function Add mtkmdpunregisterm2mdevice on the error handling path to prevent resource leak. Add check for the return value of vpugetplatdevice to prevent null pointer dereference. And...

CVE-2026-43173

CVE-2026-43173 is a Linux kernel vulnerability in the net: ethernet: xscale driver where ixp46x_ptp_find() is invoked unconditionally from ixp4xx_get_ts_info(), even on systems without ixp46x support. This NULL pointer dereference can lead to a kernel crash/DoS when reading PTP-related info via e...

CVE-2026-43164

CVE-2026-43164 affects the Linux kernel UDP-Lite implementation. The issue is a null-pointer dereference in __udp_enqueue_schedule_skb() triggered during UDP-Lite socket initialization, as reported by syzbot. Post-commit changes allow udp_lib_init_sock(), udp_init_sock(), and udpv6_init_sock() to...

CVE-2026-43164 udplite: Fix null-ptr-deref in __udp_enqueue_schedule_skb().

In the Linux kernel, the following vulnerability has been resolved: udplite: Fix null-ptr-deref in udpenqueuescheduleskb. syzbot reported null-ptr-deref of udpsksk-udpprodqueue. 0 Since the cited commit, udplibinitsock can fail, as can udpinitsock and udpv6initsock. Let's handle the error in...

CVE-2026-43164

In the Linux kernel, the following vulnerability has been resolved: udplite: Fix null-ptr-deref in udpenqueuescheduleskb. syzbot reported null-ptr-deref of udpsksk-udpprodqueue. 0 Since the cited commit, udplibinitsock can fail, as can udpinitsock and udpv6initsock. Let's handle the error in...

CVE-2026-43159 staging: rtl8723bs: fix null dereference in find_network

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix null dereference in findnetwork The variable pwlan has the possibility of being NULL when passed into rtwfreenetworknolock which would later dereference the variable...

CVE-2026-43159

CVE-2026-43159 affects the Linux kernel's rtl8723bs Wi‑Fi driver, where a null pointer pwlan can be dereferenced in rtw_free_network_nolock(), potentially causing a crash. Multiple OSV entries indicate patches have been applied in rootio-linux for Ubuntu (Root:Ubuntu:22.04 and 24.04) and in Debia...

CVE-2026-43152

The CVE-2026-43152 issue is in the Linux kernel HID subsystem (hid-pl): if probe errors during device init are not handled, a NULL pointer dereference can occur when a device using Force Feedback is interacted with. Exploitation details are not provided in the documents, but the vulnerability is ...

CVE-2026-43148

The CVE-2026-43148 issue concerns the Linux kernel, specifically the powerpc/smp code path for parse_thread_groups(). A missing check for the return value of kcalloc() could allow a NULL pointer dereference when the allocation result is later used by of_property_read_u32_array(). The vulnerabilit...

CVE-2026-43148 powerpc/smp: Add check for kcalloc() failure in parse_thread_groups()

In the Linux kernel, the following vulnerability has been resolved: powerpc/smp: Add check for kcalloc failure in parsethreadgroups As kcalloc may fail, check its return value to avoid a NULL pointer dereference when passing it to ofpropertyreadu32array...

CVE-2026-43148

In the Linux kernel, the following vulnerability has been resolved: powerpc/smp: Add check for kcalloc failure in parsethreadgroups As kcalloc may fail, check its return value to avoid a NULL pointer dereference when passing it to ofpropertyreadu32array...

CVE-2026-43137

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix NULL pointer dereference If there's a mismatch between the DAI links in the machine driver and the topology, it is possible that the playback/capture widget is not set, especially in the case of loopbac...

CVE-2026-43137 ASoC: SOF: Intel: hda: Fix NULL pointer dereference

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix NULL pointer dereference If there's a mismatch between the DAI links in the machine driver and the topology, it is possible that the playback/capture widget is not set, especially in the case of loopbac...