CVE-2026-44499 ZEBRA: Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning

ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, a composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to permanently halt all new block discovery on a targeted node. The attack exploits three independent...

CVE-2026-43473

CVE-2026-43473 affects the Linux kernel's mpi3mr SCSI driver. The vulnerability occurs when the driver cleans up resources and the reply/request queues are NULL due to memory being freed after a failed queue creation. The cleanup code may then dereference or mem-set freed memory, causing a system...

CVE-2026-43473 scsi: mpi3mr: Add NULL checks when resetting request and reply queues

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Add NULL checks when resetting request and reply queues The driver encountered a crash during resource cleanup when the reply and request queues were NULL due to freed memory. This issue occurred when the creation o...

CVE-2026-43471

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix possible NULL pointer dereference in ufshcdaddcommandtrace The kernel log indicates a crash in ufshcdaddcommandtrace, due to a NULL pointer dereference when accessing hwq-id. This can happen if...

CVE-2026-43468

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix deadlock between devlink lock and esw-wq esw-workqueue executes eswfunctionschangedeventhandler - eswvfschangedeventhandler and acquires the devlink lock. .eswitchmodeset acquires devlink lock in devlinknlpredoit -...

CVE-2026-43466

Summary (CVE-2026-43466) : The Linux kernel mlx5e driver had a desync bug in the software DMA FIFO during TX error recovery. Specifically, during recovery, dma_fifo_cc was reset to 0 while dma_fifo_pc was not, causing producer/consumer to operate on misaligned indices. After recovery, new entries...

CVE-2026-43466

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery In case of a TX error CQE, a recovery flow is triggered, mlx5eresettxqsqccpc resets dmafifocc to 0 but not dmafifopc, desyncing the DMA FIFO producer and consumer. After...

CVE-2026-43464

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ XDP multi-buf programs can modify the layout of the XDP buffer when the program calls bpfxdppulldata or bpfxdpadjusttail. The referenced commit in the fixes tag correct...

CVE-2026-43465

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ XDP multi-buf programs can modify the layout of the XDP buffer when the program calls bpfxdppulldata or bpfxdpadjusttail. The referenced commit in the fixes tag...

CVE-2026-43464 net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ XDP multi-buf programs can modify the layout of the XDP buffer when the program calls bpfxdppulldata or bpfxdpadjusttail. The referenced commit in the fixes tag correct...

CVE-2026-43464

Summary: CVE-2026-43464 affects the Linux kernel mlx5e driver in XDP multi-buffer scenarios. When XDP programs modify buffer layout via bpf_xdp_pull_data() or bpf_xdp_adjust_tail(), the driver previously failed to count dropped fragments, causing negative page reference counts during cleanup and ...

CVE-2026-43464

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ XDP multi-buf programs can modify the layout of the XDP buffer when the program calls bpfxdppulldata or bpfxdpadjusttail. The referenced commit in the fixes tag correct...

CVE-2026-43465 net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ XDP multi-buf programs can modify the layout of the XDP buffer when the program calls bpfxdppulldata or bpfxdpadjusttail. The referenced commit in the fixes tag...

CVE-2026-43451

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: fix entry leak in bridge verdict error path nfqnlrecvverdict calls finddequeueentry to remove the queue entry from the queue data structures, taking ownership of the entry. For PFBRIDGE packets, it then...

CVE-2026-43451

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: fix entry leak in bridge verdict error path nfqnlrecvverdict calls finddequeueentry to remove the queue entry from the queue data structures, taking ownership of the entry. For PFBRIDGE packets, it then...

CVE-2026-43451 netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: fix entry leak in bridge verdict error path nfqnlrecvverdict calls finddequeueentry to remove the queue entry from the queue data structures, taking ownership of the entry. For PFBRIDGE packets, it then...

CVE-2026-43449 nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix slab-out-of-bounds in nvmedbbufset dev-onlinequeues is a count incremented in nvmeinitqueue. Thus, valid indices are 0 through dev-onlinequeues − 1. This patch fixes the loop condition to ensure the index stays with...

CVE-2026-43449

CVE-2026-43449 concerns the Linux kernel NVMe PCI driver. The issue is a slab-out-of-bounds write in nvme_dbbuf_set caused by an incorrect loop bound when indexing dev->online_queues; index 0 (admin queue) is excluded, but the loop could overrun. The vulnerability is evidenced by KASAN reports...

CVE-2026-43449

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix slab-out-of-bounds in nvmedbbufset dev-onlinequeues is a count incremented in nvmeinitqueue. Thus, valid indices are 0 through dev-onlinequeues − 1. This patch fixes the loop condition to ensure the index stays with...

CVE-2026-43444

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Unreserve bo if queue update failed Error handling path should unreserve bo then return failed. cherry picked from commit c24afed7de9ecce341825d8ab55a43a254348b33...