CVE-2026-43264

In the Linux kernel, the following vulnerability has been resolved: fbdev: of: displaytiming: fix refcount leak in ofgetdisplaytimings ofparsephandle returns a devicenode with refcount incremented, which is stored in 'entry' and then copied to 'nativemode'. When the error paths at lines 184 or 19...

CVE-2026-43237

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Refactor amdgpugemvaioctl for Handling Last Fence Update and Timeline Management v4 This commit simplifies the amdgpugemvaioctl function, key updates include: - Moved the logic for managing the last update fence...

CVE-2026-43207

The vulnerability CVE-2026-43207 affects the Linux kernel mtk-mdp media driver. Root cause: improper error handling in the probe function can cause resource leaks; a missing check for vpu_get_plat_device() may dereference a NULL and the function increases the platform device reference count, risk...

CVE-2026-43193

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfs4file refcount leak in nfsdgetdirdeleg Claude pointed out that there is a nfs4file refcount leak in nfsdgetdirdeleg. Ensure that the reference to "fp" is released before returning...

CVE-2026-43192

The provided sources describe CVE-2026-43192 as a Linux kernel issue in the device-mapper multipath (dm mpath) subsystem. A missing cleanup (dm_put_device) when failing to retrieve the SCSI handler name during path parsing (scsi_dh_attached_handler_name) could leak references to the path device. ...

CVE-2026-43177

In the Linux kernel ipu6 driver, CVE-2026-43177 is due to a runtime PM reference leak in probe error paths of the ipu6_pci_probe() routine. Several error paths jumped to cleanup without releasing the runtime PM reference, risking resource exhaustion and potential DoS. The published fixes add a pm...

CVE-2026-43177 media: ipu6: Fix RPM reference leak in probe error paths

In the Linux kernel, the following vulnerability has been resolved: media: ipu6: Fix RPM reference leak in probe error paths Several error paths in ipu6pciprobe were jumping directly to outipu6busdeldevices without releasing the runtime PM reference. Add pmruntimeputsync before cleaning up other...

CVE-2026-43177

In the Linux kernel, the following vulnerability has been resolved: media: ipu6: Fix RPM reference leak in probe error paths Several error paths in ipu6pciprobe were jumping directly to outipu6busdeldevices without releasing the runtime PM reference. Add pmruntimeputsync before cleaning up other...

CVE-2026-43174 io_uring/zcrx: fix post open error handling

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix post open error handling Closing a queue doesn't guarantee that all associated page pools are terminated right away, let the refcounting do the work instead of releasing the zcrx ctx directly...

CVE-2026-43165

CVE-2026-43165 corresponds to a Linux kernel hwmon issue in the nct7363 driver where of_parse_phandle_with_args() references were not released with of_node_put(), causing a resource leak in nct7363_present_pwm_fanin. The connected OSV entries indicate patches in rootio-linux for various Ubuntu/De...

CVE-2026-43154

The CVE-2026-43154 issue affects the Linux kernel EROFS filesystem, where crafted EROFS images with valid volume labels trigger incorrect early exits in volume label handling, leading to folio reference leaks. Affected component is the EROFS implementation in the kernel; root cause is improper co...

CVE-2026-43154 erofs: fix incorrect early exits in volume label handling

In the Linux kernel, the following vulnerability has been resolved: erofs: fix incorrect early exits in volume label handling Crafted EROFS images containing valid volume labels can trigger incorrect early returns, leading to folio reference leaks. However, this does not cause system crashes or...

CVE-2026-43121 io_uring/zcrx: fix user_ref race between scrub and refill paths

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix userref race between scrub and refill paths The iozcrxputniovuref function uses a non-atomic check-then-decrement pattern atomicread followed by separate atomicdec to manipulate userrefs. This is serialized...

CVE-2026-43090

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix refcount leak in xfrmmigratepolicyfind syzkaller reported a memory leak in xfrmpolicyalloc: BUG: memory leak unreferenced object 0xffff888114d79000 size 1024: comm "syz.1.17", pid 931 ... xfrmpolicyalloc+0xb3/0x4b0...

RHSA-2026:13888 Red Hat Security Advisory: sudo security update

Bulletin has no description...

CVE-2026-43116

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not sufficient, the master conntrack object can just go away, making exp-master invalid. To access exp-master safely: - Grab the...

CVE-2026-43106 cachefiles: fix incorrect dentry refcount in cachefiles_cull()

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix incorrect dentry refcount in cachefilescull The patch mentioned below changed cachefilesburyobject to expect 2 references to the 'rep' dentry. Three of the callers were changed to use startremovingdentry which tak...

CVE-2026-43106

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix incorrect dentry refcount in cachefilescull The patch mentioned below changed cachefilesburyobject to expect 2 references to the 'rep' dentry. Three of the callers were changed to use startremovingdentry which tak...

CVE-2026-43090

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix refcount leak in xfrmmigratepolicyfind syzkaller reported a memory leak in xfrmpolicyalloc: BUG: memory leak unreferenced object 0xffff888114d79000 size 1024: comm "syz.1.17", pid 931 ... xfrmpolicyalloc+0xb3/0x4b0...

CVE-2026-43090 xfrm: fix refcount leak in xfrm_migrate_policy_find

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix refcount leak in xfrmmigratepolicyfind syzkaller reported a memory leak in xfrmpolicyalloc: BUG: memory leak unreferenced object 0xffff888114d79000 size 1024: comm "syz.1.17", pid 931 ... xfrmpolicyalloc+0xb3/0x4b0...