CVE-2026-43229 media: chips-media: wave5: Fix device cleanup order to prevent kernel panic

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix device cleanup order to prevent kernel panic Move video device unregistration to the beginning of the remove function to ensure all video operations are stopped before cleaning up the worker thread...

CVE-2026-43228

In the Linux kernel, the following vulnerability has been resolved: hfs: Replace BUGON with error handling for CNID count checks In a06ec283e125 nextid, foldercount, and filecount in the super block info were expanded to 64 bits, and BUGONs were added to detect overflow. This triggered an error...

CVE-2026-43228

The CVE-2026-43228 entry concerns the Linux kernel hfs component where 64-bit CNID counts (next_id, folder_count, file_count) triggered kernel panics when MDB was corrupted. Root cause: BUG_ON-based overflow checks replaced by proper error handling. Impact: local DoS via kernel panic with a corru...

CVE-2026-43228 hfs: Replace BUG_ON with error handling for CNID count checks

In the Linux kernel, the following vulnerability has been resolved: hfs: Replace BUGON with error handling for CNID count checks In a06ec283e125 nextid, foldercount, and filecount in the super block info were expanded to 64 bits, and BUGONs were added to detect overflow. This triggered an error...

CVE-2026-43226

In the Linux kernel, the following vulnerability has been resolved: net/rds: No shortcut out of RDSCONNERROR RDS connections carry a state "rdsconnpath::cpstate" and transitions from one state to another and are conditional upon an expected state: "rdsconnpathtransition." There is one exception t...

CVE-2026-43226

In the Linux kernel, the following vulnerability has been resolved: net/rds: No shortcut out of RDSCONNERROR RDS connections carry a state "rdsconnpath::cpstate" and transitions from one state to another and are conditional upon an expected state: "rdsconnpathtransition." There is one exception t...

CVE-2026-43226

The CVE-2026-43226 issue affects the Linux kernel Reliable Datagram Sockets (RDS). A state-machine bug allowed an RDS_CONN_ERROR to bypass the proper shutdown path via a shortcut through RDS_CONN_CONNECTING, created by RDS/TCP multipath changes. This could leave a connection stuck in shutdown-que...

CVE-2026-43219 net: cpsw_new: Fix potential unregister of netdev that has not been registered yet

In the Linux kernel, the following vulnerability has been resolved: net: cpswnew: Fix potential unregister of netdev that has not been registered yet If an error occurs during registernetdev for the first MAC in cpswregisterports, even though cpsw-slaves0.ndev is set to NULL, cpsw-slaves1.ndev...

CVE-2026-43219

In the Linux kernel, the following vulnerability has been resolved: net: cpswnew: Fix potential unregister of netdev that has not been registered yet If an error occurs during registernetdev for the first MAC in cpswregisterports, even though cpsw-slaves0.ndev is set to NULL, cpsw-slaves1.ndev...

CVE-2026-43219

CVE-2026-43219 concerns the Linux kernel networking code in cpsw_new. The issue arises when register_netdev() fails for the first MAC in cpsw_register_ports() but cpsw->slaves[1].ndev remains set, allowing cpsw_unregister_ports() to later try to unregister the second MAC. The root cause is not...

CVE-2026-43218

CVE-2026-43218 affects the Linux kernel driver for tw9903 (media: i2c/tw9903) where, in an error path of tw9903_probe(), memory allocated for V4L2 control processing (v4l2_ctrl_handler_init() and v4l2_ctrl_new_std()) is not freed. The fix adds a call to v4l2_ctrl_handler_free() on the handler in ...

CVE-2026-43211

CVE-2026-43211 – Linux kernel PCI slot lock handling fix The issue arises in PCI lock management: pci_slot_trylock() incorrectly handled unlocking when nested locks fail, due to an extra pci_dev_unlock(dev) on the failure path after delegating to pci_bus_trylock(). This could trigger a warning ab...

CVE-2026-43211

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix pcislottrylock error handling Commit a4e772898f8b "PCI: Add missing bridge lock to pcibuslock" delegates the bridge device's pcidevtrylock to pcibustrylock in pcislottrylock, but it forgets to remove the corresponding...

CVE-2026-43211 PCI: Fix pci_slot_trylock() error handling

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix pcislottrylock error handling Commit a4e772898f8b "PCI: Add missing bridge lock to pcibuslock" delegates the bridge device's pcidevtrylock to pcibustrylock in pcislottrylock, but it forgets to remove the corresponding...

CVE-2026-43207

The vulnerability CVE-2026-43207 affects the Linux kernel mtk-mdp media driver. Root cause: improper error handling in the probe function can cause resource leaks; a missing check for vpu_get_plat_device() may dereference a NULL and the function increases the platform device reference count, risk...

CVE-2026-43207

In the Linux kernel, the following vulnerability has been resolved: media: mtk-mdp: Fix error handling in probe function Add mtkmdpunregisterm2mdevice on the error handling path to prevent resource leak. Add check for the return value of vpugetplatdevice to prevent null pointer dereference. And...

CVE-2026-43207 media: mtk-mdp: Fix error handling in probe function

In the Linux kernel, the following vulnerability has been resolved: media: mtk-mdp: Fix error handling in probe function Add mtkmdpunregisterm2mdevice on the error handling path to prevent resource leak. Add check for the return value of vpugetplatdevice to prevent null pointer dereference. And...

CVE-2026-43202

CVE-2026-43202 affects the Linux kernel fbdev vt8500lcdfb driver. The root cause is a memory leak: fbi->fb.screen_buffer is allocated with dma_alloc_coherent() but is not freed on error paths due to missing dma_free_coherent() cleanup. This can exhaust system memory and cause DoS. Multiple OSV...

CVE-2026-43202 fbdev: vt8500lcdfb: fix missing dma_free_coherent()

In the Linux kernel, the following vulnerability has been resolved: fbdev: vt8500lcdfb: fix missing dmafreecoherent fbi-fb.screenbuffer is allocated with dmaalloccoherent but is not freed if the error path is reached...

CVE-2026-43201 APEI/GHES: ARM processor Error: don't go past allocated memory

In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ARM processor Error: don't go past allocated memory If the BIOS generates a very small ARM Processor Error, or an incomplete one, the current logic will fail to deferrence err-sectionlength and ctxinfo-size Add checks ...