CVE-2026-43100

In the Linux kernel, the following vulnerability has been resolved: bridge: guard local VLAN-0 FDB helpers against NULL vlan group When CONFIGBRIDGEVLANFILTERING is not set, brvlangroup and nbpvlangroup return NULL brprivate.h stub definitions. The BRBOOLOPTFDBLOCALVLAN0 toggle code is compiled...

CVE-2026-43101

In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix potential NULL dereferences in ioam6filltracedata We need to check in6devget for possible NULL value, as suggested by Yiming Qian. Also add skbdstdevrcu instead of skbdstdev, and two missing READONCE. Note that @d...

CVE-2026-43101

The CVE-2026-43101 entry refers to a Linux kernel IPv6 IOAM issue: __ioam6_fill_trace_data() could dereference NULL if __in6_dev_get() returns NULL. The fix replaces skb_dst_dev() with skb_dst_dev_rcu() and adds two missing READ_ONCE() checks; it also enforces that @dev cannot be NULL. Patches ar...

CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()

In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix potential NULL dereferences in ioam6filltracedata We need to check in6devget for possible NULL value, as suggested by Yiming Qian. Also add skbdstdevrcu instead of skbdstdev, and two missing READONCE. Note that @d...

CVE-2026-43099

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: fix null-ptr-deref in icmpbuildprobe ipv6stub-ipv6devfind may return ERRPTR-EAFNOSUPPORT when the IPv6 stack is not active CONFIGIPV6=m and not loaded, and passing this error pointer to devhold will cause a kernel cra...

CVE-2026-43099

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: fix null-ptr-deref in icmpbuildprobe ipv6stub-ipv6devfind may return ERRPTR-EAFNOSUPPORT when the IPv6 stack is not active CONFIGIPV6=m and not loaded, and passing this error pointer to devhold will cause a kernel cra...

CVE-2026-43099

The CVE-2026-43099 issue affects the Linux kernel, specifically the IPv4/ICMP path and the IPv6 stub handling. When the IPv6 stack is not active (CONFIG_IPV6=m and not loaded), ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT); passing that to dev_hold() can cause a null pointer dereference and a...

CVE-2026-43099 ipv4: icmp: fix null-ptr-deref in icmp_build_probe()

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: fix null-ptr-deref in icmpbuildprobe ipv6stub-ipv6devfind may return ERRPTR-EAFNOSUPPORT when the IPv6 stack is not active CONFIGIPV6=m and not loaded, and passing this error pointer to devhold will cause a kernel cra...

CVE-2026-43094

CVE-2026-43094 affects the Linux kernel ixgbevf driver on Hyper-V VMs. The root cause is a missing negotiate_features callback in the Hyper-V mac_ops table, causing ixgbevf_negotiate_api() to dereference a NULL hw->mac.ops.negotiate_features() during feature negotiation. This can lead to a NUL...

CVE-2026-43094

In the Linux kernel, the following vulnerability has been resolved: ixgbevf: add missing negotiatefeatures op to Hyper-V ops table Commit a7075f501bd3 "ixgbevf: fix mailbox API compatibility by negotiating supported features" added the .negotiatefeatures callback to ixgbemacoperations and populat...

CVE-2026-43086

CVE-2026-43086 concerns the Linux kernel IPVS component. The vulnerability occurs in the error path of ip_vs_add_service when ip_vs_bind_scheduler() has succeeded and the local variable sched is set to NULL; if ip_vs_start_estimator() then fails, ip_vs_unbind_scheduler(svc, sched) is invoked with...

CVE-2026-43086

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix NULL deref in ipvsaddservice error path When ipvsbindscheduler succeeds in ipvsaddservice, the local variable sched is set to NULL. If ipvsstartestimator subsequently fails, the outerr cleanup calls...

SUSE CVE-2026-31744

In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fix NULL pointer dereference when perf domain ID is not found devenergymodelnlgetperfdomainsdoit calls emperfdomaingetbyid but does not check the return value before passing it to emnlgetpdsize. When a caller supplies a...

SUSE CVE-2026-31755

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix NULL pointer dereference in epqueue When the gadget endpoint is disabled or not yet configured, the ep-desc pointer can be NULL. This leads to a NULL pointer dereference when cdns3gadgetepqueue is called,...

SUSE CVE-2026-31781

In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drmcompatioctl path The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this up b...

SUSE CVE-2026-43013

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: lag: Check for LAG device before creating debugfs mlx5lagdevaddmdev may return 0 success even when an error occurs that is handled gracefully. Consequently, the initialization flow proceeds to call mlx5ldevadddebugfs ev...

SUSE CVE-2026-43036

In the Linux kernel, the following vulnerability has been resolved: net: use skbheaderpointer for TCPv4 GSO fragoff check Syzbot reported a KMSAN uninit-value warning in gsofeaturescheck called from netifskbfeatures 1. gsofeaturescheck reads iph-fragoff to decide whether to clear mangleidfeatures...

SUSE CVE-2026-43058

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix pass-by-value structs causing MSAN warnings vidtvtsnullwriteinto and vidtvtspcrwriteinto take their argument structs by value, causing MSAN to report uninit-value warnings. While only vidtvtsnullwriteinto has...

SUSE CVE-2026-43063

In the Linux kernel, the following vulnerability has been resolved: xfs: don't irele after failing to iget in xfsattrirecoverwork xlogrecoveryiget never set @ip to a valid pointer if they return an error, so this irele will walk off a dangling pointer. Fix that...

PT-2026-37553

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the rtw89 PCI Wi-Fi driver where the kernel fails to validate the sequence number of the TX release report. If the hardware reports an abnormal sequence number, it lea...