63002 matches found
CVE-2026-43401
In the Linux kernel, the following vulnerability has been resolved: cpufreq: intelpstate: Fix NULL pointer dereference in updatecpuqosrequest The updatecpuqosrequest function attempts to initialize the 'freq' variable by dereferencing 'cpudata' before verifying if the 'policy' is valid. This issu...
UBUNTU-CVE-2026-43356
In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adisinit The adisinit function dereferences adis-ops to check if the individual function pointers write, read, reset are NULL, but does not first check if adis-ops itself is NULL...
UBUNTU-CVE-2026-43424
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ftcm: Fix NULL pointer dereferences in nexus handling The tpg-tpgnexus pointer in the USB Target driver is dynamically managed and tied to userspace configuration via ConfigFS. It can be NULL if the USB host sends...
UBUNTU-CVE-2026-43364
In the Linux kernel, the following vulnerability has been resolved: ublk: fix NULL pointer dereference in ublkctrlsetsize ublkctrlsetsize unconditionally dereferences ub-ubdisk via setcapacityandnotify without checking if it is NULL. ub-ubdisk is NULL before UBLKCMDSTARTDEV completes it is only...
UBUNTU-CVE-2026-43441
In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix ndtbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init exits before ndiscinit is called which initializes it. If bonding...
UBUNTU-CVE-2026-43416
In the Linux kernel, the following vulnerability has been resolved: powerpc, perf: Check that current-mm is alive before getting user callchain It may happen that mm is already released, which leads to kernel panic. This adds the NULL check for current-mm, similarly to commit 20afc60f892d "x86,...
CVE-2026-43473
CVE-2026-43473 affects the Linux kernel's mpi3mr SCSI driver. The vulnerability occurs when the driver cleans up resources and the reply/request queues are NULL due to memory being freed after a failed queue creation. The cleanup code may then dereference or mem-set freed memory, causing a system...
CVE-2026-43471
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix possible NULL pointer dereference in ufshcdaddcommandtrace The kernel log indicates a crash in ufshcdaddcommandtrace, due to a NULL pointer dereference when accessing hwq-id. This can happen if...
CVE-2026-43471
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix possible NULL pointer dereference in ufshcdaddcommandtrace The kernel log indicates a crash in ufshcdaddcommandtrace, due to a NULL pointer dereference when accessing hwq-id. This can happen if...
CVE-2026-43471 scsi: ufs: core: Fix possible NULL pointer dereference in ufshcd_add_command_trace()
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix possible NULL pointer dereference in ufshcdaddcommandtrace The kernel log indicates a crash in ufshcdaddcommandtrace, due to a NULL pointer dereference when accessing hwq-id. This can happen if...
CVE-2026-43471
Summary (mode C): The CVE-2026-43471 issue affects the Linux kernel’s SCSI UFS core, specifically a NULL pointer dereference in ufshcd_add_command_trace() when hwq is NULL, which can occur if ufshcd_mcq_req_to_hwq() returns NULL. A patch adds a NULL check for hwq before accessing hwq->id to pr...
CVE-2026-43441 net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled
In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix ndtbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init exits before ndiscinit is called which initializes it. If bonding...
CVE-2026-43441
In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix ndtbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init exits before ndiscinit is called which initializes it. If bonding...
CVE-2026-43431 xhci: Fix NULL pointer dereference when reading portli debugfs files
In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files Michal reported and debgged a NULL pointer dereference bug in the recently added portli debugfs files Oops is caused when there are more port registers counted ...
CVE-2026-43431
In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files Michal reported and debgged a NULL pointer dereference bug in the recently added portli debugfs files Oops is caused when there are more port registers counted ...
CVE-2026-43431
In the Linux kernel xHCI host controller driver, CVE-2026-43431 stems from a NULL pointer dereference when reading portli debugfs files. The bug occurs if xhci->max_ports counts more port registers than the number reported by Supported Protocol capabilities, which can happen when max_ports exc...
CVE-2026-43431
In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files Michal reported and debgged a NULL pointer dereference bug in the recently added portli debugfs files Oops is caused when there are more port registers counted ...
CVE-2026-43424
The CVE concerns the Linux kernel USB gadget f_tcm nexus handling. The tpg->tpg_nexus pointer used by the BOT command/data paths can be NULL during race windows (before nexus is established or after it’s dropped). Dereferencing tv_nexus->tvn_se_sess without a NULL check leads to a kernel pa...
CVE-2026-43424 usb: gadget: f_tcm: Fix NULL pointer dereferences in nexus handling
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ftcm: Fix NULL pointer dereferences in nexus handling The tpg-tpgnexus pointer in the USB Target driver is dynamically managed and tied to userspace configuration via ConfigFS. It can be NULL if the USB host sends...
CVE-2026-43424
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ftcm: Fix NULL pointer dereferences in nexus handling The tpg-tpgnexus pointer in the USB Target driver is dynamically managed and tied to userspace configuration via ConfigFS. It can be NULL if the USB host sends...