CVE-2026-43257

In the Linux kernel, the following vulnerability has been resolved: media: cx88: Add missing unmap in sndcx88hwparams In error path, add cx88alsadmaunmap to release resource acquired by cx88alsadmamap...

CVE-2026-43251 HID: prodikeys: Check presence of pm->input_ep82

In the Linux kernel, the following vulnerability has been resolved: HID: prodikeys: Check presence of pm-inputep82 Fake USB devices can send their own report descriptors for which the inputmapping hook does not get called. In this case, pm-inputep82 stays NULL, which leads to a crash later. This...

CVE-2026-43251

In the Linux kernel, the following vulnerability has been resolved: HID: prodikeys: Check presence of pm-inputep82 Fake USB devices can send their own report descriptors for which the inputmapping hook does not get called. In this case, pm-inputep82 stays NULL, which leads to a crash later. This...

CVE-2026-43251

CVE-2026-43251 affects the Linux kernel HID prodikeys driver. A local attacker can connect a crafted USB device whose report descriptor bypasses the pm->input_ep82 check, leaving input_ep82 NULL and causing a crash (potential DoS). Multiple OSV entries show patches in rootio-linux packages for...

CVE-2026-43238 net/sched: act_skbedit: fix divide-by-zero in tcf_skbedit_hash()

In the Linux kernel, the following vulnerability has been resolved: net/sched: actskbedit: fix divide-by-zero in tcfskbedithash Commit 38a6f0865796 "net: sched: support hash selecting tx queue" added SKBEDITFTXQSKBHASH support. The inclusive range size is computed as: mappingmod = queuemappingmax...

CVE-2026-43237 drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Refactor amdgpugemvaioctl for Handling Last Fence Update and Timeline Management v4 This commit simplifies the amdgpugemvaioctl function, key updates include: - Moved the logic for managing the last update fence...

CVE-2026-43238

In the Linux kernel, the following vulnerability has been resolved: net/sched: actskbedit: fix divide-by-zero in tcfskbedithash Commit 38a6f0865796 "net: sched: support hash selecting tx queue" added SKBEDITFTXQSKBHASH support. The inclusive range size is computed as: mappingmod = queuemappingmax...

CVE-2026-43238

CVE-2026-43238 is a Linux kernel issue in the net/sched act_skbedit module. The bug arises in tcf_skbedit_hash() when calculating mapping_mod = queue_mapping_max - queue_mapping + 1, which could reach 65536 for full u16 queue ranges. This value cannot fit in a u16 and previously wrapped to 0, cau...

CVE-2026-43237

CVE-2026-43237 affects the Linux kernel AMDGPU driver, specifically the amdgpu_gem_va_ioctl handling of fences for VM timeline management. The issue could cause a refcount underflow and use-after-free during fence processing, potentially leading to a kernel panic and denial of service. The descri...

CVE-2026-43224 io_uring/zcrx: fix sgtable leak on mapping failures

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix sgtable leak on mapping failures In an unlikely case when iopopulateareadma fails, which could only happen on a PAGEPOOL32BITARCHWITH64BITDMA machine, iozcrxmaparea will have an initialised and not freed table. ...

CVE-2026-43224

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix sgtable leak on mapping failures In an unlikely case when iopopulateareadma fails, which could only happen on a PAGEPOOL32BITARCHWITH64BITDMA machine, iozcrxmaparea will have an initialised and not freed table. ...

CVE-2026-43224

The CVE-2026-43224 entry concerns the Linux kernel io_uring/zcrx subsystem. A memory leak could occur when mapping fails in io_populate_area_dma() on PAGE_POOL_32BIT_ARCH_WITH_64BIT_DMA, as io_zcrx_map_area() would allocate a sgtable that isn’t freed due to the error path not freeing it when !is_...

CVE-2026-43224

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix sgtable leak on mapping failures In an unlikely case when iopopulateareadma fails, which could only happen on a PAGEPOOL32BITARCHWITH64BITDMA machine, iozcrxmaparea will have an initialised and not freed table. ...

CVE-2026-43140 HID: magicmouse: Do not crash on missing msc->input

In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: Do not crash on missing msc-input Fake USB devices can send their own report descriptors for which the inputmapping hook does not get called. In this case, msc-input stays NULL, leading to a crash at a later time...

CVE-2026-43140

The CVE-2026-43140 vulnerability affects the Linux kernel HID magicmouse driver. Fake USB devices could present their own report descriptors such that input_mapping() does not call, leaving msc->input NULL and causing a crash later. The issue is resolved by detecting this condition in input_co...

CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM

In the Linux kernel, the following vulnerability has been resolved: ima: verify the previous kernel's IMA buffer lies in addressable RAM Patch series "Address page fault in imarestoremeasurementlist", v3. When the second-stage kernel is booted via kexec with a limiting command line such as "mem="...

CVE-2026-43128 RDMA/umem: Fix double dma_buf_unpin in failure path

In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix double dmabufunpin in failure path In ibumemdmabufgetpinnedwithdmadevice, the call to ibumemdmabufmappages can fail. If this occurs, the dmabuf is immediately unpinned but the umemdmabuf-pinned flag is still set...

CVE-2026-43124

In the Linux kernel, the following vulnerability has been resolved: pstore: ramcore: fix incorrect success return when vmap fails In persistentramvmap, vmap may return NULL on failure. If offset is non-zero, adding offsetinpagestart causes the function to return a non-NULL pointer even though the...

CVE-2026-43124

The CVE-2026-43124 issue affects Linux kernel pstore ram_core, where persistent_ram_vmap() could return a non-NULL pointer after vmap() failed, causing persistent_ram_buffer_map() to incorrectly report success and potentially dereference an invalid address on access, leading to a crash (DoS). Roo...

CVE-2026-43089

In the Linux kernel, the following vulnerability has been resolved: xfrmuser: fix info leak in buildmapping struct xfrmusersaid has a one-byte padding hole after the proto field, which ends up never getting set to zero before copying out to userspace. Fix that up by zeroing out the whole structur...