CVE-2026-43437

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in sndpcmdrain In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime runtime = s-runtime at line 2157. After releasing the stream lock at...

CVE-2026-43381

In the Linux kernel, the following vulnerability has been resolved: nouveau/dpcd: return EBUSY for aux xfer if the device is asleep If we have runtime suspended, and userspace wants to use /dev/drmdp then just tell it the device is busy instead of crashing in the GSP code. WARNING: CPU: 2 PID:...

CVE-2026-43355

In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1780: fix PM runtime leak on error path Move pmruntimeputautosuspend before the error check to ensure the PM runtime reference count is always decremented after pmruntimegetsync, regardless of whether the read...

CVE-2026-43381

In the Linux kernel, the following vulnerability has been resolved: nouveau/dpcd: return EBUSY for aux xfer if the device is asleep If we have runtime suspended, and userspace wants to use /dev/drmdp then just tell it the device is busy instead of crashing in the GSP code. WARNING: CPU: 2 PID:...

CVE-2026-43446

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix runtime suspend deadlock when there is pending job The runtime suspend callback drains the running job workqueue before suspending the device. If a job is still executing and calls pmruntimeresumeandget, it can...

UBUNTU-CVE-2026-43446

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix runtime suspend deadlock when there is pending job The runtime suspend callback drains the running job workqueue before suspending the device. If a job is still executing and calls pmruntimeresumeandget, it can...

UBUNTU-CVE-2026-43357

In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050-core: fix pmruntime error handling The return value of pmruntimegetsync is not checked, allowing the driver to access hardware that may fail to resume. The device usage count is also unconditionally incremented...

UBUNTU-CVE-2026-43355

In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1780: fix PM runtime leak on error path Move pmruntimeputautosuspend before the error check to ensure the PM runtime reference count is always decremented after pmruntimegetsync, regardless of whether the read...

CVE-2026-43437

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in sndpcmdrain In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime runtime = s-runtime at line 2157. After releasing the stream lock at...

UBUNTU-CVE-2026-43437

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in sndpcmdrain In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime runtime = s-runtime at line 2157. After releasing the stream lock at...

CVE-2026-43446

CVE-2026-43446 affects the Linux kernel in the accel/amdxdna driver. A runtime suspend deadlock could occur if a running job calls pm_runtime_resume_and_get() while the system is suspending; the deadlock arises between the runtime suspend path and the job execution flow. The fix moves pm_runtime_...

CVE-2026-43446 accel/amdxdna: Fix runtime suspend deadlock when there is pending job

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix runtime suspend deadlock when there is pending job The runtime suspend callback drains the running job workqueue before suspending the device. If a job is still executing and calls pmruntimeresumeandget, it can...

CVE-2026-43446

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix runtime suspend deadlock when there is pending job The runtime suspend callback drains the running job workqueue before suspending the device. If a job is still executing and calls pmruntimeresumeandget, it can...

CVE-2026-43446

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix runtime suspend deadlock when there is pending job The runtime suspend callback drains the running job workqueue before suspending the device. If a job is still executing and calls pmruntimeresumeandget, it can...

CVE-2026-43437 ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain()

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in sndpcmdrain In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime runtime = s-runtime at line 2157. After releasing the stream lock at...

CVE-2026-43437

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in sndpcmdrain In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime runtime = s-runtime at line 2157. After releasing the stream lock at...

CVE-2026-43437

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in sndpcmdrain In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime runtime = s-runtime at line 2157. After releasing the stream lock at...

CVE-2026-43437

CVE-2026-43437 affects the Linux kernel ALSA PCM subsystem (snd_pcm_drain). The issue is a use-after-free in the drain path: during drain, runtime is reassigned to a linked stream’s runtime and after releasing the stream lock, runtime fields (no_period_wakeup, rate, buffer_size) are accessed with...

CVE-2026-43381 nouveau/dpcd: return EBUSY for aux xfer if the device is asleep

In the Linux kernel, the following vulnerability has been resolved: nouveau/dpcd: return EBUSY for aux xfer if the device is asleep If we have runtime suspended, and userspace wants to use /dev/drmdp then just tell it the device is busy instead of crashing in the GSP code. WARNING: CPU: 2 PID:...

CVE-2026-43357 iio: gyro: mpu3050-core: fix pm_runtime error handling

In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050-core: fix pmruntime error handling The return value of pmruntimegetsync is not checked, allowing the driver to access hardware that may fail to resume. The device usage count is also unconditionally incremented...