CVE-2026-43401

A flaw was found in the Linux kernel's intelpstate component. This vulnerability arises when the system is booted with the "nosmt" parameter, causing a critical error known as a null pointer dereference in the updatecpuqosrequest function. Such an error can lead to system instability and...

CVE-2026-43388

A flaw was found in the Linux kernel's DAMON Data Access MONitor subsystem. The damoswalk function in mm/damon/core fails to clear a dangling pointer when a context is inactive and an error occurs. This issue can lead to a temporary denial of service DoS for subsequent calls to damoswalk,...

CVE-2026-43369

A flaw was found in the Linux kernel's drm/amd graphics driver. When a GPU initialization fails due to an unsupported hardware block, certain IP blocks may have a null version pointer. During the device cleanup process, the amdgpudevicesetpgstate and amdgpudevicesetcgstate functions attempt to...

CVE-2026-43367

A flaw was found in the Linux kernel's drm/amd component. This vulnerability allows a local attacker to cause a Denial of Service DoS by triggering a NULL pointer dereference during device cleanup on unsupported hardware. This can lead to system instability or a crash, impacting the availability ...

CVE-2026-43364

A flaw was found in the Linux kernel's ublk subsystem. A local user can trigger a NULL pointer dereference by sending an UPDATESIZE command to a ublk device that has been added but not yet started, or one that has been stopped. This occurs due to insufficient state validation before dereferencing...

CVE-2026-43306

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF crypto component. A local attacker, by running a specially crafted BPF program, could trigger a type mismatch in function pointers when Control Flow Integrity CFI is enabled. This can lead to a kernel internal error, resulting in a...

CVE-2026-43295

A flaw was found in the Linux kernel's rapidio subsystem. When memory allocation for idtab fails within the rioscanallocnet function, the network object is not correctly freed, resulting in a dangling pointer. This improper memory management could lead to system instability or a denial of service...

CLSA-2026-1778254552 httpd: Fix of 8 CVEs

CVE-2026-24072: modrewrite/modsetenvif: use APEXPRFLAGRESTRICTED in htaccess to prevent reading server-side files via apexpr from .htaccess - CVE-2026-29169: moddavlock: NULL pointer dereference in davgenericrefreshlocks use dpscan instead of dp - CVE-2026-33006: modauthdigest: timing attack —...

EUVD-2026-28777

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix possible NULL pointer dereference in ufshcdaddcommandtrace The kernel log indicates a crash in ufshcdaddcommandtrace, due to a NULL pointer dereference when accessing hwq-id. This can happen if...

EUVD-2026-28728

In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fix NPE in gncmbind Commit 56a512a9b410 "usb: gadget: fncm: align netdevice lifecycle with bind/unbind" deferred the allocation of the netdevice. This change leads to a NULL pointer dereference in the legacy NCM...

EUVD-2026-28737

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files Michal reported and debgged a NULL pointer dereference bug in the recently added portli debugfs files Oops is caused when there are more port registers counted ...

EUVD-2026-28730

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ftcm: Fix NULL pointer dereferences in nexus handling The tpg-tpgnexus pointer in the USB Target driver is dynamically managed and tied to userspace configuration via ConfigFS. It can be NULL if the USB host sends...

EUVD-2026-28707

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intelpstate: Fix NULL pointer dereference in updatecpuqosrequest The updatecpuqosrequest function attempts to initialize the 'freq' variable by dereferencing 'cpudata' before verifying if the 'policy' is valid. This issu...

EUVD-2026-28716

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled When the Remote System Update RSU isn't enabled in the First Stage Boot Loader FSBL, the driver encounters a NULL pointer dereference when excute...

EUVD-2026-28722

In the Linux kernel, the following vulnerability has been resolved: powerpc, perf: Check that current-mm is alive before getting user callchain It may happen that mm is already released, which leads to kernel panic. This adds the NULL check for current-mm, similarly to commit 20afc60f892d "x86,...

EUVD-2026-28719

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Fix NULL pointer exception during userscan userscan invokes updated sasuserscan for channel 0, and if successful, iteratively scans remaining channels 1 to shost-maxchannel via scsiscanhostselected in commit...

EUVD-2026-28670

In the Linux kernel, the following vulnerability has been resolved: ublk: fix NULL pointer dereference in ublkctrlsetsize ublkctrlsetsize unconditionally dereferences ub-ubdisk via setcapacityandnotify without checking if it is NULL. ub-ubdisk is NULL before UBLKCMDSTARTDEV completes it is only...

EUVD-2026-28694

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: clear walkcontrol on inactive context in damoswalk damoswalk sets ctx-walkcontrol to the caller-provided control structure before checking whether the context is running. If the context is inactive damonisrunning...

EUVD-2026-28673

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix a few more NULL pointer dereference in device cleanup I found a few more paths that cleanup fails due to a NULL version pointer on unsupported hardware. Add NULL checks as applicable. cherry picked from commit...

EUVD-2026-28675

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix NULL pointer dereference in device cleanup When GPU initialization fails due to an unsupported HW block IP blocks may have a NULL version pointer. During cleanup in amdgpudevicefinihw, the code calls...