CVE-2026-43445

In the Linux kernel, the following vulnerability has been resolved: e1000/e1000e: Fix leak in DMA error cleanup If an error is encountered while mapping TX buffers, the driver should unmap any buffers already mapped for that skb. Because count is incremented after a successful mapping, it will...

CVE-2026-43445 e1000/e1000e: Fix leak in DMA error cleanup

In the Linux kernel, the following vulnerability has been resolved: e1000/e1000e: Fix leak in DMA error cleanup If an error is encountered while mapping TX buffers, the driver should unmap any buffers already mapped for that skb. Because count is incremented after a successful mapping, it will...

CVE-2026-43445

CVE-2026-43445 is a Linux kernel vulnerability in the e1000/e1000e drivers (and potentially igbvf) where a DMA mapping error cleanup leak could occur. The root cause was an off-by-one condition in the dma_error path: count was decremented before the loop, so if any TX buffer mappings succeeded be...

CVE-2026-43443

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common: Add missing error check for clock acquisition The acpcardrt5682init and acpcardrt5682sinit functions did not check the return values of clkget. This could lead to a kernel crash when the invalid pointe...

CVE-2026-43443

CVE-2026-43443 involves the Linux kernel ASoC AMD ACP Mach common driver. The acp_card_rt5682_init() and acp_card_rt5682s_init() functions did not validate clk_get() returns, risking dereferencing invalid pointers and kernel crash. The patch changes clock acquisition to devm_clk_get() and adds IS...

CVE-2026-43444 drm/amdkfd: Unreserve bo if queue update failed

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Unreserve bo if queue update failed Error handling path should unreserve bo then return failed. cherry picked from commit c24afed7de9ecce341825d8ab55a43a254348b33...

CVE-2026-43444

CVE-2026-43444 is a Linux kernel vulnerability in the drm/amdkfd component. The issue arises from improper error handling in which a buffer object (bo) is not released if a queue update fails, leaving the BO unreserved. The description across multiple sources notes that the error path should unre...

CVE-2026-43440 net/mana: Null service_wq on setup error to prevent double destroy

In the Linux kernel, the following vulnerability has been resolved: net/mana: Null servicewq on setup error to prevent double destroy In managdsetup error path, set gc-servicewq to NULL after destroyworkqueue to match the cleanup in managdcleanup. This prevents a use-after-free if the workqueue...

CVE-2026-43440

In the Linux kernel, the following vulnerability has been resolved: net/mana: Null servicewq on setup error to prevent double destroy In managdsetup error path, set gc-servicewq to NULL after destroyworkqueue to match the cleanup in managdcleanup. This prevents a use-after-free if the workqueue...

CVE-2026-43440

In the Linux kernel, the following vulnerability has been resolved: net/mana: Null servicewq on setup error to prevent double destroy In managdsetup error path, set gc-servicewq to NULL after destroyworkqueue to match the cleanup in managdcleanup. This prevents a use-after-free if the workqueue...

CVE-2026-43440

CVE-2026-43440 affects the Linux kernel net/mana driver, where during mana_gd_setup() cleanup a workqueue pointer (service_wq) could remain non-NULL after destroy_workqueue(), leading to a potential use-after-free if the pointer is checked after a failed setup. Connected advisories confirm the ro...

CVE-2026-43419 ceph: fix memory leaks in ceph_mdsc_build_path()

In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leaks in cephmdscbuildpath Add putname calls to error code paths that did not free the "path" pointer obtained by getname. If ownership of this pointer is not passed to the caller via pathinfo.path, the function...

CVE-2026-43419

CVE-2026-43419 affects the Linux kernel Ceph filesystem component, where ceph_mdsc_build_path() could leak memory via a path pointer obtained with __getname() if not freed or transferred. The fixes add __putname() calls in error paths and ensure the pointer is freed when ownership isn’t passed to...

CVE-2026-43414 scsi: qla2xxx: Completely fix fcport double free

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Completely fix fcport double free In qla24xxelsdcmdiocb sp-free is set to qla2x00elsdcmdspfree. When an error happens, this function is called by qla2x00sprelease, when krefput releases the first and the last...

CVE-2026-43397 drm/bridge: samsung-dsim: Fix memory leak in error path

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: samsung-dsim: Fix memory leak in error path In samsungdsimhostattach, drmbridgeadd is called to add the bridge. However, if samsungdsimregisterteirq or pdata-hostops-attach fails afterwards, the function returns witho...

CVE-2026-43397

Technical details about CVE-2026-43397 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories.

CVE-2026-43395

In the Linux kernel, the vulnerability CVE-2026-43395 affects the drm/xe/sync subsystem. During xe_sync_entry_parse(), references (syncobj, fence, chain fence, or user fence) can be allocated before a later failure path is reached, leaving partially initialized state and leaking refs. The fix rou...

CVE-2026-43381

In the Linux kernel, the following vulnerability has been resolved: nouveau/dpcd: return EBUSY for aux xfer if the device is asleep If we have runtime suspended, and userspace wants to use /dev/drmdp then just tell it the device is busy instead of crashing in the GSP code. WARNING: CPU: 2 PID:...

CVE-2026-43372

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Fix error path in PTP IRQ setup If requestthreadedirq fails during the PTP message IRQ setup, the newly created IRQ mapping is never disposed. Indeed, the kszptpirqsetup's error path only frees the mappings...

CVE-2026-43373

The CVE-2026-43373 entry describes a Linux kernel vulnerability in the net: ncsi subsystem. Early return paths in NCSI RX and AEN handlers fail to release received skbuffers (skb) when processing invalid AEN packets or failing to resolve NCSI devices/handlers, leading to a memory leak. The impact...