CVE-2026-43419 ceph: fix memory leaks in ceph_mdsc_build_path()

In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leaks in cephmdscbuildpath Add putname calls to error code paths that did not free the "path" pointer obtained by getname. If ownership of this pointer is not passed to the caller via pathinfo.path, the function...

CVE-2026-43413 scsi: hisi_sas: Fix NULL pointer exception during user_scan()

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Fix NULL pointer exception during userscan userscan invokes updated sasuserscan for channel 0, and if successful, iteratively scans remaining channels 1 to shost-maxchannel via scsiscanhostselected in commit...

CVE-2026-43413

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Fix NULL pointer exception during userscan userscan invokes updated sasuserscan for channel 0, and if successful, iteratively scans remaining channels 1 to shost-maxchannel via scsiscanhostselected in commit...

CVE-2026-43413

The CVE-2026-43413 entry concerns the Linux kernel HISI_SAS SCSI driver where user_scan() can trigger a NULL pointer dereference when scanning an unsupported channel (multi-channel scan path triggers for channel 1 even though hisi_sas supports only one channel). The exploit path is a NULL derefer...

CVE-2026-43410 firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled When the Remote System Update RSU isn't enabled in the First Stage Boot Loader FSBL, the driver encounters a NULL pointer dereference when excute...

CVE-2026-43410

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled When the Remote System Update RSU isn't enabled in the First Stage Boot Loader FSBL, the driver encounters a NULL pointer dereference when excute...

CVE-2026-43410

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled When the Remote System Update RSU isn't enabled in the First Stage Boot Loader FSBL, the driver encounters a NULL pointer dereference when excute...

CVE-2026-43410

Summary: CVE-2026-43410 affects the Linux kernel firmware driver for Stratix 10 RSU. When RSU is not enabled in the FSBL, the driver can NULL-dereference via svc_normal_to_secure_thread(), causing a kernel panic. The root cause is rsu_send_async_msg() freeing the channel on failure, while the pro...

CVE-2026-43401

The CVE-2026-43401 issue affects the Linux kernel's intel_pstate component. A NULL pointer dereference can occur in update_cpu_qos_request() when the code dereferences cpudata before validating the policy, especially on systems booted with nosmt where all_cpu_data[cpu] may be NULL for SMT sibling...

CVE-2026-43401

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intelpstate: Fix NULL pointer dereference in updatecpuqosrequest The updatecpuqosrequest function attempts to initialize the 'freq' variable by dereferencing 'cpudata' before verifying if the 'policy' is valid. This issu...

CVE-2026-43401 cpufreq: intel_pstate: Fix NULL pointer dereference in update_cpu_qos_request()

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intelpstate: Fix NULL pointer dereference in updatecpuqosrequest The updatecpuqosrequest function attempts to initialize the 'freq' variable by dereferencing 'cpudata' before verifying if the 'policy' is valid. This issu...

CVE-2026-43388 mm/damon/core: clear walk_control on inactive context in damos_walk()

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: clear walkcontrol on inactive context in damoswalk damoswalk sets ctx-walkcontrol to the caller-provided control structure before checking whether the context is running. If the context is inactive damonisrunning...

CVE-2026-43388

CVE-2026-43388 (Linux kernel, DAMON) : The vulnerability arises in mm/damon/core/damos_walk(), which sets ctx->walk_control to a caller-provided control structure before checking if the context is running. If the context is inactive, it returns -EINVAL without clearing the pointer, leaving a d...

CVE-2026-43379

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smblazyparentleasebreakclose opinfo pointer obtained via rcudereferencefp-fopinfo is being accessed after rcureadunlock has been called. This creates a race condition where the memory could be freed b...

CVE-2026-43378 smb: server: fix use-after-free in smb2_open()

In the Linux kernel, the following vulnerability has been resolved: smb: server: fix use-after-free in smb2open The opinfo pointer obtained via rcudereferencefp-fopinfo is dereferenced after rcureadunlock, creating a use-after-free window...

CVE-2026-43378

CVE-2026-43378 affects the Linux kernel SMB server (smb2_open). A use-after-free arises because the opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is dereferenced after rcu_read_unlock(), creating a use-after-free window. Multiple sources (SUSE, Red Hat, Debian OSV, Ubuntu, Debian t...

CVE-2026-43369

Summary (CVE-2026-43369): In the Linux kernel’s drm/amd driver, if GPU initialization fails due to an unsupported hardware block, some IP blocks may have a NULL version pointer. During device cleanup, amdgpu_device_set_pg_state and amdgpu_device_set_cg_state access adev->ip_blocks[i].version w...

CVE-2026-43369

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix NULL pointer dereference in device cleanup When GPU initialization fails due to an unsupported HW block IP blocks may have a NULL version pointer. During cleanup in amdgpudevicefinihw, the code calls...

CVE-2026-43369 drm/amd: Fix NULL pointer dereference in device cleanup

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix NULL pointer dereference in device cleanup When GPU initialization fails due to an unsupported HW block IP blocks may have a NULL version pointer. During cleanup in amdgpudevicefinihw, the code calls...

CVE-2026-43369

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix NULL pointer dereference in device cleanup When GPU initialization fails due to an unsupported HW block IP blocks may have a NULL version pointer. During cleanup in amdgpudevicefinihw, the code calls...