CVE-2026-43490

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smbinheritdacl walks the parent directory DACL loaded from the security descriptor xattr. It verifies that each ACE contains the fixed SID header before using it, but does not verify that...

Chromium: CVE-2026-7926 Use after free in PresentationAPI

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

UBUNTU-CVE-2026-43170

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Move vbus draw to workqueue context Currently dwc3gadgetvbusdraw can be called from atomic context, which in turn invokes power-supply-core APIs. And some these PMIC APIs have operations that may sleep, leading...

CVE-2026-43247

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix SError of kernel panic when closed SError of kernel panic rarely happened while testing fluster. The root cause was to enter suspend mode because timeout of autosuspend delay happened. 48.834439...

CVE-2026-43165

In the Linux kernel, the following vulnerability has been resolved: hwmon: nct7363 Fix a resource leak in nct7363presentpwmfanin When calling ofparsephandlewithargs, the caller is responsible to call ofnodeput to release the reference of device node. In nct7363presentpwmfanin, it does not release...

CVE-2026-43269

In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fix memory leak from the atomicdestroystate callback After several commits, the slab memory increases. Some drmcrtccommit objects are not freed. The atomicdestroystate callback only put the framebuffer. Use the...

CVE-2025-71287

In the Linux kernel, the following vulnerability has been resolved: memory: mtk-smi: fix device leak on larb probe Make sure to drop the reference taken when looking up the SMI device during larb probe on late probe failure e.g. probe deferral and on driver unbind...

CVE-2026-43163

In the Linux kernel, the following vulnerability has been resolved: md/bitmap: fix GPF in writepage caused by resize race A General Protection Fault occurs in writepage during array resize: RIP: 0010:writepage+0x22b/0x3c0 mdmod This is a use-after-free race between bitmapdaemonwork and...

CVE-2026-43207

In the Linux kernel, the following vulnerability has been resolved: media: mtk-mdp: Fix error handling in probe function Add mtkmdpunregisterm2mdevice on the error handling path to prevent resource leak. Add check for the return value of vpugetplatdevice to prevent null pointer dereference. And...

CVE-2026-43176

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: validate release report content before using for RTL8922DE The commit 957eda596c76 "wifi: rtw89: pci: validate sequence number of TX release report" does validation on existing chips, which somehow a release...

CVE-2026-43075

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix out-of-bounds write in ocfs2writeendinline KASAN reports a use-after-free write of 4086 bytes in ocfs2writeendinline, called from ocfs2writeendnolock during a copyfilerange splice fallback on a corrupted ocfs2 filesyst...

CVE-2026-43069

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcill: Fix firmware leak on error path Smatch reports: drivers/bluetooth/hcill.c:587 downloadfirmware warn: 'fw' from requestfirmware not released on lines: 544. In downloadfirmware, if requestfirmware succeeds but the...

UBUNTU-CVE-2026-43021

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix leaks when hcicmdsyncqueueonce fails When hcicmdsyncqueueonce returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...

CVE-2026-31713

In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason error, crash while processing FUSEINIT, the filesystem creation will hang. The reason is that while all other threads will...

CVE-2026-31658

In the Linux kernel, the following vulnerability has been resolved: net: altera-tse: fix skb leak on DMA mapping error in tsestartxmit When dmamapsingle fails in tsestartxmit, the function returns NETDEVTXOK without freeing the skb. Since NETDEVTXOK tells the stack the packet was consumed, the sk...

CVE-2026-31619

In the Linux kernel, the following vulnerability has been resolved: ALSA: fireworks: bound device-supplied status before string array lookup The status field in an EFW response is a 32-bit value supplied by the firewire device. efrstatusnames has 17 entries so a status value outside that range go...

CVE-2026-31669

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability during RCU read-side critical sections. Both tcpprot and tcpv6prot ha...

CVE-2026-31598

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix possible deadlock between unlink and dioendiowrite ocfs2unlink takes orphan dir inodelock first and then ipallocsem, while in ocfs2dioendiowrite, it acquires these locks in reverse order. This creates an ABBA lock...

CVE-2026-31607

In the Linux kernel, the following vulnerability has been resolved: usbip: validate numberofpackets in usbippackretsubmit When a USB/IP client receives a RETSUBMIT response, usbippackretsubmit unconditionally overwrites urb-numberofpackets from the network PDU. This value is subsequently used as...

CVE-2026-31623

In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc-phonet: fix skb frags overflow in rxcomplete A malicious USB device claiming to be a CDC Phonet modem can overflow the skbsharedinfo-frags array by sending an unbounded sequence of full-page bulk transfers. Drop the...