CVE-2026-43327

In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix locking/synchronization error Syzbot testing was able to provoke an addressing exception and crash in the usbgadgetudcreset routine in drivers/usb/gadgets/udc/core.c, resulting from the fact that the routine w...

CVE-2026-43301

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix PM runtime usage count underflow Replace pmruntimeputsync with pmruntimedontuseautosuspend in the remove path to properly pair with pmruntimeuseautosuspend from probe. This allows pmruntimedisable t...

UBUNTU-CVE-2026-43327

In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix locking/synchronization error Syzbot testing was able to provoke an addressing exception and crash in the usbgadgetudcreset routine in drivers/usb/gadgets/udc/core.c, resulting from the fact that the routine w...

CVE-2026-43295

In the Linux kernel, the following vulnerability has been resolved: rapidio: replace riofreenet with kfree in rioscanallocnet When idtab allocation fails, net is not registered with rioaddnet yet, so kfreenet is sufficient to release the memory. Set mport-net to NULL to avoid dangling pointer...

UBUNTU-CVE-2026-43305

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path Why The evaluation for whether we need to use the DMUB HW lock isn't the same as whether we need to unlock which results in a hang when the fast path is us...

CVE-2026-43327

In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix locking/synchronization error Syzbot testing was able to provoke an addressing exception and crash in the usbgadgetudcreset routine in drivers/usb/gadgets/udc/core.c, resulting from the fact that the routine w...

CVE-2026-43327

In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix locking/synchronization error Syzbot testing was able to provoke an addressing exception and crash in the usbgadgetudcreset routine in drivers/usb/gadgets/udc/core.c, resulting from the fact that the routine w...

CVE-2026-43327

CVE-2026-43327 affects the Linux kernel USB dummy-hcd code. The race involves usb_gadget_udc_reset() being invoked with a NULL second argument (driver) due to a race between USB reset and driver unbind, enabling a potential crash. The root cause was that stop_activity() could drop and re-acquire ...

CVE-2026-43327 USB: dummy-hcd: Fix locking/synchronization error

In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix locking/synchronization error Syzbot testing was able to provoke an addressing exception and crash in the usbgadgetudcreset routine in drivers/usb/gadgets/udc/core.c, resulting from the fact that the routine w...

CVE-2026-43305

CVE-2026-43305 details a Linux kernel DRM AMD display issue where the DMUB HW lock unlock path in the HWSS fast path could hang due to a mismatch between evaluating the need for the lock and unlocking. The fix introduces a flag to track whether the lock should be used and applies that flag to gov...

CVE-2026-43301

CVE-2026-43301 relates to the Linux kernel driver for the wave5 media component. The issue arises when the driver’s remove path unconditionally calls pm_runtime_put_sync(), which can underflow the PM usage count if autosuspend was already activated during probe. This mismatch prevents proper refe...

CLSA-2026-1778238067 dovecot: Fix of CVE-2026-27857

CVE-2026-27857: fix excessive memory usage from many '' in IMAP commands...

EUVD-2026-28497

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:130. The runLinux function appends attacker-controlled remote version strings directly into an...

Linux Distros Unpatched Vulnerability : CVE-2026-43301

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: chips-media: wave5: Fix PM runtime usage count underflow Replace pmruntimeputsync with pmruntimedontuseautosuspend in the remove path to properly pair wi...

PT-2026-38978

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A locking and synchronization error exists in the USB dummy-hcd component. A race condition can occur between a USB reset and a driver unbind process. Specifically, the stop activity...

Linux Distros Unpatched Vulnerability : CVE-2026-43394

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfsd: Fix cred ref leak in nfsdnllistenersetdoit. nfsdnllistenersetdoit uses getcurrentcred without putcred. As we can see from other callers, svcxprtcreatefrom...

PT-2026-38937

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the rio scan alloc net function where rio free net was used instead of kfree during a failure in idtab allocation. Because the net is not yet registered with rio add n...

PT-2026-39303

Name of the Vulnerable Software and Affected Versions view component versions 3.0.0 through 4.8.9 Description The system test entrypoint canonicalizes a user-controlled file path using File.realpath and verifies if the resolved path starts with the temporary directory path. This containment check...

Linux Distros Unpatched Vulnerability : CVE-2026-43327

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - USB: dummy-hcd: Fix locking/synchronization error Syzbot testing was able to provoke an addressing exception and crash in the usbgadgetudcreset routine in...

PT-2026-39210

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.14.17 Description An unauthenticated Server-Side Request Forgery SSRF allows attackers or authenticated users with App editing privileges to send arbitrary HTTP requests to internal or private network addresses. The...