CVE-2026-43007

The CVE-2026-43007 entry relates to the Linux kernel accel/qaic component. Root cause: when a DBC is released, QAIC sends QAIC_TRANS_DEACTIVATE_FROM_DEV and resources are freed via decode_deactivate() in qaic_manage_ioctl() context. If the initiating user process terminates before the deactivatio...

CVE-2025-71182 can: j1939: make j1939_session_activate() fail if device is no longer registered

In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939sessionactivate fail if device is no longer registered syzbot is still reporting unregisternetdevice: waiting for vcan0 to become free. Usage count = 2 even after commit 93a27b5891b8 "can: j1939: add missing...

EUVD-2023-60370

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix NULL deref caused by blkgpolicydata being installed before init blk-iocost sometimes causes the following crash: BUG: kernel NULL pointer dereference, address: 00000000000000e0 ... RIP: 0010:rawspinlock+0x17/0x30...

CVE-2025-40147

In the Linux kernel, the following vulnerability has been resolved: blk-throttle: fix access race during throttle policy activation On repeated cold boots we occasionally hit a NULL pointer crash in blkshouldthrotl when throttling is consulted before the throttle policy is fully enabled for the...

CVE-2025-40147 blk-throttle: fix access race during throttle policy activation

In the Linux kernel, the following vulnerability has been resolved: blk-throttle: fix access race during throttle policy activation On repeated cold boots we occasionally hit a NULL pointer crash in blkshouldthrotl when throttling is consulted before the throttle policy is fully enabled for the...