CVE-2026-43367 drm/amd: Fix a few more NULL pointer dereference in device cleanup

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix a few more NULL pointer dereference in device cleanup I found a few more paths that cleanup fails due to a NULL version pointer on unsupported hardware. Add NULL checks as applicable. cherry picked from commit...

CVE-2026-43367

The CVE-2026-43367 issue affects the Linux kernel, specifically the drm/amd component. It stems from NULL pointer dereferences during device cleanup on unsupported hardware, caused by missing NULL checks on a version pointer. The fixes add NULL checks to these cleanup paths and were cherry-picked...

CVE-2026-43367

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix a few more NULL pointer dereference in device cleanup I found a few more paths that cleanup fails due to a NULL version pointer on unsupported hardware. Add NULL checks as applicable. cherry picked from commit...

CVE-2026-43367

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix a few more NULL pointer dereference in device cleanup I found a few more paths that cleanup fails due to a NULL version pointer on unsupported hardware. Add NULL checks as applicable. cherry picked from commit...

CVE-2026-43364

In the Linux kernel, the following vulnerability has been resolved: ublk: fix NULL pointer dereference in ublkctrlsetsize ublkctrlsetsize unconditionally dereferences ub-ubdisk via setcapacityandnotify without checking if it is NULL. ub-ubdisk is NULL before UBLKCMDSTARTDEV completes it is only...

CVE-2026-43364

Summary (CVE-2026-43364) : In the Linux kernel ublk subsystem, a local attacker can trigger a NULL pointer dereference by sending UPDATE_SIZE to a ublk device that has been added but not started, or that has been stopped. The root cause is missing state validation in ublk_ctrl_set_size(), which d...

CVE-2026-43364

In the Linux kernel, the following vulnerability has been resolved: ublk: fix NULL pointer dereference in ublkctrlsetsize ublkctrlsetsize unconditionally dereferences ub-ubdisk via setcapacityandnotify without checking if it is NULL. ub-ubdisk is NULL before UBLKCMDSTARTDEV completes it is only...

CVE-2026-43364 ublk: fix NULL pointer dereference in ublk_ctrl_set_size()

In the Linux kernel, the following vulnerability has been resolved: ublk: fix NULL pointer dereference in ublkctrlsetsize ublkctrlsetsize unconditionally dereferences ub-ubdisk via setcapacityandnotify without checking if it is NULL. ub-ubdisk is NULL before UBLKCMDSTARTDEV completes it is only...

CVE-2026-43356

The CVE-2026-43356 issue affects the Linux kernel IIO ADIS IMU drivers (e.g., adis16480, adis16490, adis16545). In adis_init(), the code dereferences adis->ops to inspect function pointers without first verifying that adis->ops itself is non-NULL, leading to a NULL pointer dereference durin...

CVE-2026-43356 iio: imu: adis: Fix NULL pointer dereference in adis_init

In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adisinit The adisinit function dereferences adis-ops to check if the individual function pointers write, read, reset are NULL, but does not first check if adis-ops itself is NULL...

CVE-2026-43356

In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adisinit The adisinit function dereferences adis-ops to check if the individual function pointers write, read, reset are NULL, but does not first check if adis-ops itself is NULL...

CVE-2026-43356

In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adisinit The adisinit function dereferences adis-ops to check if the individual function pointers write, read, reset are NULL, but does not first check if adis-ops itself is NULL...

CVE-2026-43333

In the Linux kernel, the following vulnerability has been resolved: bpf: reject direct access to nullable PTRTOBUF pointers checkmemaccess matches PTRTOBUF via basetype which strips PTRMAYBENULL, allowing direct dereference without a null check. Map iterator ctx-key and ctx-value are PTRTOBUF |...

CVE-2026-43335

In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icclinknodes The change to dynamic IDs for SM8450 platform interconnects left two links unconverted, fix it to avoid the NULL pointer dereference in runtime, when a...

CVE-2026-43313

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix NULL-pointer dereference in acpiprocessorerratapiix4 In acpiprocessorerratapiix4, the pointer dev is first assigned an IDE device and then reassigned an ISA device: dev = pcigetsubsys...,...

CVE-2026-43300

In the Linux kernel, the following vulnerability has been resolved: drm/panel: Fix a possible null-pointer dereference in jdipaneldsiremove In jdipaneldsiremove, jdi is explicitly checked, indicating that it may be NULL: if !jdi mipidsidetachdsi; However, when jdi is NULL, the function does not...

CVE-2026-43297

In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rga: Fix possible ERRPTR dereference in rgabufinit rgagetframe can return ERRPTR-EINVAL when buffer type is unsupported or invalid. rgabufinit does not check the return value and unconditionally dereferences the...

CVE-2026-43295

In the Linux kernel, the following vulnerability has been resolved: rapidio: replace riofreenet with kfree in rioscanallocnet When idtab allocation fails, net is not registered with rioaddnet yet, so kfreenet is sufficient to release the memory. Set mport-net to NULL to avoid dangling pointer...

CVE-2026-43313

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix NULL-pointer dereference in acpiprocessorerratapiix4 In acpiprocessorerratapiix4, the pointer dev is first assigned an IDE device and then reassigned an ISA device: dev = pcigetsubsys...,...

CVE-2026-43300

In the Linux kernel, the following vulnerability has been resolved: drm/panel: Fix a possible null-pointer dereference in jdipaneldsiremove In jdipaneldsiremove, jdi is explicitly checked, indicating that it may be NULL: if !jdi mipidsidetachdsi; However, when jdi is NULL, the function does not...