CVE-2026-43079

A flaw was found in the Linux kernel's perf/x86/intel/uncore component. This vulnerability occurs when Non-Uniform Memory Access NUMA is disabled and the system boots with fewer CPUs than available in a processor die. Under these conditions, the kernel continues to parse a discovery table for...

EUVD-2026-27804

In the Linux kernel, the following vulnerability has been resolved: ntb: ntbhwswitchtec: Fix array-index-out-of-bounds access Number of MW LUTs depends on NTB configuration and can be set to MAXMWS, This patch protects against invalid index out of bounds access to mwsizes When invalid access prin...

EUVD-2026-27737

In the Linux kernel, the following vulnerability has been resolved: clk: rs9: Reserve 8 struct clkhw slots for for 9FGV0841 The 9FGV0841 has 8 outputs and registers 8 struct clkhw, make sure there are 8 slots for those newly registered clkhw pointers, else there is going to be out of bounds write...

EUVD-2026-27726

In the Linux kernel, the following vulnerability has been resolved: md/bitmap: fix GPF in writepage caused by resize race A General Protection Fault occurs in writepage during array resize: RIP: 0010:writepage+0x22b/0x3c0 mdmod This is a use-after-free race between bitmapdaemonwork and...

EUVD-2026-27711

In the Linux kernel, the following vulnerability has been resolved: powerpc/smp: Add check for kcalloc failure in parsethreadgroups As kcalloc may fail, check its return value to avoid a NULL pointer dereference when passing it to ofpropertyreadu32array...

EUVD-2026-27635

In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing txframes wl1251txpacketcb uses the firmware completion ID directly to index the fixed 16-entry wl-txframes array. The ID is a raw u8 from the completion block, and the callback do...

CVE-2026-43241

In the Linux kernel, the following vulnerability has been resolved: ntb: ntbhwswitchtec: Fix array-index-out-of-bounds access Number of MW LUTs depends on NTB configuration and can be set to MAXMWS, This patch protects against invalid index out of bounds access to mwsizes When invalid access prin...

CVE-2026-43188

In the Linux kernel, the following vulnerability has been resolved: ceph: do not propagate page array emplacement errors as batch errors When fscrypt is enabled, movedirtyfolioinpagearray may fail because it needs to allocate bounce buffers to store the encrypted versions of each folio. Each foli...

CVE-2026-43175

In the Linux kernel, the following vulnerability has been resolved: clk: rs9: Reserve 8 struct clkhw slots for for 9FGV0841 The 9FGV0841 has 8 outputs and registers 8 struct clkhw, make sure there are 8 slots for those newly registered clkhw pointers, else there is going to be out of bounds write...

CVE-2026-43148

In the Linux kernel, the following vulnerability has been resolved: powerpc/smp: Add check for kcalloc failure in parsethreadgroups As kcalloc may fail, check its return value to avoid a NULL pointer dereference when passing it to ofpropertyreadu32array...

CVE-2026-43274

In the Linux kernel, the following vulnerability has been resolved: mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchpipcgetclusteraggrirq The clustercfg array is dynamically allocated to hold per-CPU configuration structures, with its size based on the number of online CPUs. Previously, thi...

CVE-2026-43241

In the Linux kernel, the following vulnerability has been resolved: ntb: ntbhwswitchtec: Fix array-index-out-of-bounds access Number of MW LUTs depends on NTB configuration and can be set to MAXMWS, This patch protects against invalid index out of bounds access to mwsizes When invalid access prin...

CVE-2026-43241

In the Linux kernel, the following vulnerability has been resolved: ntb: ntbhwswitchtec: Fix array-index-out-of-bounds access Number of MW LUTs depends on NTB configuration and can be set to MAXMWS, This patch protects against invalid index out of bounds access to mwsizes When invalid access prin...

CVE-2026-43188

CVE-2026-43188 affects the Linux kernel in the Ceph writeback path when fscrypt is enabled. The issue arises in move_dirty_folio_in_page_array() failing to allocate bounce buffers for encrypted folios and the shared rc variable being overwritten by ceph_process_folio_batch(); this could propagate...

CVE-2026-43188 ceph: do not propagate page array emplacement errors as batch errors

In the Linux kernel, the following vulnerability has been resolved: ceph: do not propagate page array emplacement errors as batch errors When fscrypt is enabled, movedirtyfolioinpagearray may fail because it needs to allocate bounce buffers to store the encrypted versions of each folio. Each foli...

CVE-2026-43172

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix 22000 series SMEM parsing If the firmware were to report three LMACs which doesn't exist in hardware then using "fwrt-smemcfg.lmac2" is an overrun of the array. Reject such and use IWLFWCHECK instead of WARNON ...

CVE-2026-43172

CVE-2026-43172 affects the Linux kernel iwlwifi driver. If the firmware reports three LMACs (which hardware does not have), the code can overrun the array fwrt->smem_cfg.lmac[2]. The fix rejects such configurations and uses IWL_FW_CHECK instead of WARN_ON, mitigating a potential instability/Do...

CVE-2026-43150

In the Linux kernel, the following vulnerability has been resolved: perf/arm-cmn: Reject unsupported hardware configurations So far we've been fairly lax about accepting both unknown CMN models at least with a warning, and unknown revisions of those which we do know, as although things do...

CVE-2026-43105

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix memory leak of BO array in hang state The hang state's BO array is allocated separately with kzalloc in vc4savehangstate but never freed in vc4freehangstate. Add the missing kfree for the BO array before freeing the...

CVE-2026-43079

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Skip discovery table for offline dies This warning can be triggered if NUMA is disabled and the system boots with fewer CPUs than the number of CPUs in die 0. WARNING: CPU: 9 PID: 7257 at uncore.c:1157...