CVE-2026-43471

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix possible NULL pointer dereference in ufshcdaddcommandtrace The kernel log indicates a crash in ufshcdaddcommandtrace, due to a NULL pointer dereference when accessing hwq-id. This can happen if...

CVE-2026-43471

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix possible NULL pointer dereference in ufshcdaddcommandtrace The kernel log indicates a crash in ufshcdaddcommandtrace, due to a NULL pointer dereference when accessing hwq-id. This can happen if...

CVE-2026-43441 net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled

In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix ndtbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init exits before ndiscinit is called which initializes it. If bonding...

CVE-2026-43441

In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix ndtbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init exits before ndiscinit is called which initializes it. If bonding...

CVE-2026-43431

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files Michal reported and debgged a NULL pointer dereference bug in the recently added portli debugfs files Oops is caused when there are more port registers counted ...

CVE-2026-43431

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files Michal reported and debgged a NULL pointer dereference bug in the recently added portli debugfs files Oops is caused when there are more port registers counted ...

CVE-2026-43431 xhci: Fix NULL pointer dereference when reading portli debugfs files

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files Michal reported and debgged a NULL pointer dereference bug in the recently added portli debugfs files Oops is caused when there are more port registers counted ...

CVE-2026-43431

In the Linux kernel xHCI host controller driver, CVE-2026-43431 stems from a NULL pointer dereference when reading portli debugfs files. The bug occurs if xhci->max_ports counts more port registers than the number reported by Supported Protocol capabilities, which can happen when max_ports exc...

CVE-2026-43424

The CVE concerns the Linux kernel USB gadget f_tcm nexus handling. The tpg->tpg_nexus pointer used by the BOT command/data paths can be NULL during race windows (before nexus is established or after it’s dropped). Dereferencing tv_nexus->tvn_se_sess without a NULL check leads to a kernel pa...

CVE-2026-43424

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ftcm: Fix NULL pointer dereferences in nexus handling The tpg-tpgnexus pointer in the USB Target driver is dynamically managed and tied to userspace configuration via ConfigFS. It can be NULL if the USB host sends...

CVE-2026-43424 usb: gadget: f_tcm: Fix NULL pointer dereferences in nexus handling

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ftcm: Fix NULL pointer dereferences in nexus handling The tpg-tpgnexus pointer in the USB Target driver is dynamically managed and tied to userspace configuration via ConfigFS. It can be NULL if the USB host sends...

CVE-2026-43422

In CVE-2026-43422, the Linux kernel USB legacy NCM driver had a NULL pointer dereference in gncm_bind caused by deferring net_device allocation. The fix defers allocation until later in the binding process and stores qmult, host_addr, and dev_addr into ncm_opts->net_opts during gncm_bind so th...

CVE-2026-43422 usb: legacy: ncm: Fix NPE in gncm_bind

In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fix NPE in gncmbind Commit 56a512a9b410 "usb: gadget: fncm: align netdevice lifecycle with bind/unbind" deferred the allocation of the netdevice. This change leads to a NULL pointer dereference in the legacy NCM...

CVE-2026-43422

In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fix NPE in gncmbind Commit 56a512a9b410 "usb: gadget: fncm: align netdevice lifecycle with bind/unbind" deferred the allocation of the netdevice. This change leads to a NULL pointer dereference in the legacy NCM...

CVE-2026-43422

In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fix NPE in gncmbind Commit 56a512a9b410 "usb: gadget: fncm: align netdevice lifecycle with bind/unbind" deferred the allocation of the netdevice. This change leads to a NULL pointer dereference in the legacy NCM...

CVE-2026-43421

The CVE affects the Linux kernel USB gadget for Network Control Model (NCM) where a net_device could outlive its parent gadget during disconnection, causing dangling sysfs links and potential null dereference. The root cause was lifecycle mismanagement of net_device during USB bind/unbind, addres...

CVE-2026-43413 scsi: hisi_sas: Fix NULL pointer exception during user_scan()

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Fix NULL pointer exception during userscan userscan invokes updated sasuserscan for channel 0, and if successful, iteratively scans remaining channels 1 to shost-maxchannel via scsiscanhostselected in commit...

CVE-2026-43413

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Fix NULL pointer exception during userscan userscan invokes updated sasuserscan for channel 0, and if successful, iteratively scans remaining channels 1 to shost-maxchannel via scsiscanhostselected in commit...

CVE-2026-43413

The CVE-2026-43413 entry concerns the Linux kernel HISI_SAS SCSI driver where user_scan() can trigger a NULL pointer dereference when scanning an unsupported channel (multi-channel scan path triggers for channel 1 even though hisi_sas supports only one channel). The exploit path is a NULL derefer...

CVE-2026-43410

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled When the Remote System Update RSU isn't enabled in the First Stage Boot Loader FSBL, the driver encounters a NULL pointer dereference when excute...