CVE-2026-43201

CVE-2026-43201 applies to the Linux kernel GHES ARM error handling (APEI/GHES: ARM processor Error). Root cause: parsing ARM error context where err_info_num/context_info_num lead to calculating sz and potentially overrunning with too small a dump, causing OOPS. The CVE is addressed by adding siz...

CVE-2026-43202

CVE-2026-43202 affects the Linux kernel fbdev vt8500lcdfb driver. The root cause is a memory leak: fbi->fb.screen_buffer is allocated with dma_alloc_coherent() but is not freed on error paths due to missing dma_free_coherent() cleanup. This can exhaust system memory and cause DoS. Multiple OSV...

CVE-2026-43205

CVE-2026-43205 affects the Linux kernel's dpaa2-switch handling. The defect arises from the driver obtaining sw_attr.num_ifs from firmware without validating it against DPSW_MAX_IF (64). This allows an out-of-bounds write in dpaa2_switch_fdb_get_flood_cfg() when num_ifs can reach 64, as it writes...

CVE-2026-43212

The CVE-2026-43212 entries involve the Linux kernel on LoongArch where cpumask_of_node() failed to handle NUMA_NO_NODE, which is a valid index. The root cause is an insufficient check in the arch-specific cpumask_of_node() implementation, leading to potential instability or incorrect behavior if ...

CVE-2026-43214

The CVE-2026-43214 issue concerns Linux kernel KVM on x86: when reading PDPTRs in __get_sregs2(), SRCU read-side protection was missing. The root cause is that kvm_pdptr_read() may dereference guest memory via a chain (svm_cache_reg -> load_pdptrs -> kvm_vcpu_read_guest_page -> kvm_vcpu_...

CVE-2026-43217

CVE-2026-43217 affects the Linux kernel, specifically the media: iris: gen2 component. The issue occurs in iris_kill_session where inst->state is set to IRIS_INST_ERROR and session_close frees inst_hfi_gen2->packet; if stop_streaming is called afterward, a crash may occur. The published fix...

CVE-2026-43219

CVE-2026-43219 concerns the Linux kernel networking code in cpsw_new. The issue arises when register_netdev() fails for the first MAC in cpsw_register_ports() but cpsw->slaves[1].ndev remains set, allowing cpsw_unregister_ports() to later try to unregister the second MAC. The root cause is not...

CVE-2026-43221

CVE-2026-43221 affects Linux kernel IPMI/IPMB: the event handler responsible for IPMB read bytes may fail to initialize reads, causing an I2C read to return an uninitialised value from the bus driver. This is described across multiple advisories (Root-OS-UBUNTU-2404, SUSE, Red Hat) as a patchable...

CVE-2026-43244

CVE-2026-43244 affects the Linux kernel KCM (Kernel Connection Multiplexer). The issue arises during partial sendmsg operations: when kcm_sendmsg fills MAX_SKB_FRAGS, it allocates a new skb in frag_list and may copy data; if the copy fails, the new tail skb can have zero frags, leaving an empty e...

CVE-2026-43249

The CVE-2026-43249 entry describes a race in the Linux kernel 9p/xen frontend: xenwatch and backend change notifications can concurrently call xen_9pfs_front_free, causing a double-free and a general protection fault. The fixes guard the teardown path so only a single caller releases the front-en...

CVE-2026-43250

CVE-2026-43250 affects the Linux kernel ChipIdea USB Device Controller (UDC) driver. The vulnerability arises when a USB device is reconnected during an active transfer, because _ep_nuke() returns requests without unmapping DMA buffers or cleaning bounce buffers, leaving stale DMA state (num_mapp...

CVE-2026-43259

CVE-2026-43259 affects the Linux kernel in the phy: fsl-imx8mq-usb driver. The vulnerability arises from missing platform_set_drvdata(), with data intended for use in remove(). The fixed code adds the missing platform_set_drvdata() call in the driver. Impact, as per the CVE details, is consistent...

CVE-2026-43261

The CVE-2026-43261 entry concerns the Linux kernel ARM64 arm64: TSV110 Spectre-BHB mitigation. The root cause is Spectre-BHB leakage via branch-prediction side channels on TSV110; mitigation consists of adding the TSV110 MIDR to the software mitigation list in the kernel. Affected component: Linu...

CVE-2026-43263

The CVE-2026-43263 entry concerns the Linux kernel chips-media wave5 driver. The vulnerability arises when multiple driver instances are created and destroyed, causing many interrupts and removal of decoder structures. The shared vpu_instance structure is not protected by a lock, allowing a poten...

CVE-2026-43275

In the Linux kernel, a race condition in the UFS core driver can occur during system suspend when Runtime Power Management (RPM) level is zero. The driver previously bypassed flushing the exception-event handling work in this state, risking illegal host-controller access after entering deep power...

CVE-2026-43277

The CVE-2026-43277 issue affects the Linux kernel GHES/APEI path. The root cause is a mismatch between CPER-record length and the actual number of pages allocated when ghes_new() validates CPER data, enabling a bad firmware to cause an out-of-bounds write and a kernel OOPs/panic. Public descripti...

CVE-2026-43278

The vulnerability CVE-2026-43278 affects the Linux kernel’s device-mapper (dm) component, notably dm-multipath, where stale cloned bio pointers in cloned requests can lead to use-after-free and double-free of bios. The sequence shows cloned bios freed during blk_complete_request() while rq->bi...

CVE-2026-43287

The CVE targets Linux kernel DRM:MODE_CREATEPROPBLOB allocations. Arbitary-sized property blobs allocated for kernel memory were not charged to the caller’s memory cgroup, enabling unprivileged local users to trigger unbounded kernel memory growth and potential system-wide OOM. The fix ensures bl...

CVE-2026-43290

Summary (CVE-2026-43290) A flaw in the Linux kernel's media subsystem (uvcvideo) can occur when start_streaming() fails due to an error in uvc_pm_get(), causing queued buffers to not be returned. The issue can lead to system instability or a denial of service by triggering a USB host controller f...

CVE-2026-43299

Consolidated details show CVE-2026-43299 affects the Linux kernel btrfs filesystem. When ENOSPC can cause the filesystem to flip to read‑only in a critical path, a pending read repair may trigger an assertion failure inside btrfs_repair_io_failure(), leading to a kernel crash. The issue is docume...

CVE-2026-43306

CVE-2026-43306 affects the Linux kernel due to bpf: crypto: Use the correct destructor kfunc type. With CONFIG_CFI enabled, indirect calls must match the target function’s pointer type. In the reported case, a CFI failure occurred at bpf_obj_free_fields while freeing a BPF crypto context, signali...

CVE-2026-43310

The CVE-2026-43310 issue affects the Linux kernel Verisilicon media driver on the i.MX8MQ platform. It describes a hardware limitation where the g1 VPU and g2 VPU cannot decode H.264 and HEVC simultaneously; doing so can trigger a bus error, producing corrupted video output and potentially causin...

CVE-2026-43312

CVE-2026-43312 is a Linux kernel vulnerability in the ov5647 V4L2 I2C driver. The issue arises from calling v4l2_get_subdevdata in ov5647_init_controls() before the subdevice is initialized by v4l2_i2c_subdev_init() during probe, which can dereference i2c_client and cause a segfault if an error p...

CVE-2026-43315

CVE-2026-43315 involves the Linux kernel KVM nSVM warning path. Technical details across connected docs show that a user-triggerable WARN is raised in svm_set_nested_state() when nested_svm_load_cr3() succeeds, and the patch removes this WARN. The rationale is that userspace can easily trigger th...

CVE-2026-43316

CVE-2026-43316 affects the Linux kernel, specifically the media/solo6x10 component. A signed shift could exceed 32 bits when compiled with UBSAN_SHIFT enabled, triggering undefined behavior; remediation added by checking the existing max chip_id and using an unsigned shift. This removes runtime i...

CVE-2026-43321

The CVE-2026-43321 issue is in the Linux kernel BPF subsystem, where indirect jumps did not correctly mark the live registers for a gotox rX, leaving the affected register state unchecked. When the kernel fails to mark registers as used, it can enable manipulation of kernel state and potentially ...

CVE-2026-43330

CVE-2026-43330 relates to the Linux kernel crypto/caam path, where an overflow occurs when a long HMAC key (longer than the block size) is copied for hashing. The vulnerability arises because the copy’s allocated memory is aligned for DMA, and the original kmemdup path could read beyond the key b...

CVE-2026-43332

In the Linux kernel thermal subsystem, CVE-2026-43332 affects the thermal_zone_device_register_with_trips() error path. The root cause is a missing wait_for_completion() after registering a thermal zone device, which can allow the thermal zone object to be freed prematurely if user space holds a ...

CVE-2026-43335

CVE-2026-43335 pertains to the Linux kernel interconnect driver for Qualcomm SM8450. The issue arises from unconverted dynamic IDs for platform interconnects, which can lead to a NULL pointer dereference in icc_link_nodes() at runtime when a destination interconnect pointer is invalid. The conseq...

CVE-2026-43338

CVE-2026-43338 affects the Linux kernel with the Btrfs filesystem. The issue arises because qgroup ioctls do not reserve transaction space, allowing -ENOSPC scenarios during quota-tree updates and delayed refs, which can abort transactions and enable a DoS condition. Vendors have published adviso...

CVE-2026-43340

Summary (CVE-2026-43340): The Linux kernel COMEDI subsystem contains a spinlock (dev->spinlock) in struct comedi_device that can be reinitialized when a COMEDI device is reattached to different low-level drivers via COMEDI_DEVCONFIG. This race can occur if multiple drivers with different lockd...

CVE-2026-43345

Summary: The CVE concerns the Linux kernel IPA driver. For IPA v5.0+, the event ring index field moved from CH_C_CNTXT_0 to CH_C_CNTXT_1. The register definition intended to define this field in CH_C_CNTXT_1 but used the old identifier ERINDEX instead of CH_ERINDEX, causing an incorrect event rin...

CVE-2026-43346

The CVE-2026-43346 entry documents a Linux kernel issue in ice: ptp used in VFIO passthrough where the PTP controlling PF (adapter->ctrl_pf) may not be initialized, causing NULL dereference risk and a WARN_ON() in ice_ptp_setup_pf(). The fix replaces the warning with an informational message a...

CVE-2026-43352

This CVE concerns the Linux kernel i3c mipi-i3c-hci driver DMA ring abort handling. The root cause is flawed abort logic that could disrupt the controller state: the code could issue an abort even when the ring is stopped, the abort completion is not re-initialized, aborts could clear RING_CTRL_E...

CVE-2026-43354

CVE-2026-43354 affects the Linux kernel hx9023s proximity sensor driver (iio). The root cause is a division-by-zero in set_samp_freq when the sampling frequency is unspecified. The vulnerability was addressed by a fix in the kernel to protect against this division by zero. Multiple vendor advisor...

CVE-2026-43356

The CVE-2026-43356 issue affects the Linux kernel IIO ADIS IMU drivers (e.g., adis16480, adis16490, adis16545). In adis_init(), the code dereferences adis->ops to inspect function pointers without first verifying that adis->ops itself is non-NULL, leading to a NULL pointer dereference durin...

CVE-2026-43362

CVE-2026-43362 affects the Linux kernel SMB client by an in-place encryption flaw in SMB2_write(), where the write payload could be replaced with ciphertext during retries on unstable connections. The root cause is that smb3_init_transform_rq() shares rq_iov, causing crypt_message() to in-place-e...

CVE-2026-43365

The CVE-2026-43365 issue affects the Linux kernel XFS filesystem: if the superblock does not specify a log stripe unit, the in-core log roundoff may be set to 512 instead of 4096, leading to log corruption and potentially unmountable filesystems. Authors in connected reports describe the impact o...

CVE-2026-43367

The CVE-2026-43367 issue affects the Linux kernel, specifically the drm/amd component. It stems from NULL pointer dereferences during device cleanup on unsupported hardware, caused by missing NULL checks on a version pointer. The fixes add NULL checks to these cleanup paths and were cherry-picked...

CVE-2026-43368

The CVE-2026-43368 entry concerns the Linux kernel DRM/i915 component (GEM shmem objects). A overflow can occur in the unsigned int .length field of a scatterlist when a scatterlists table for a GEM shmem object of 4 GB or more is built from folio-allocated pages, causing the total byte length of...

CVE-2026-43380

CVE-2026-43380 relates to the Linux kernel hwmon driver pmbus/q54sj108a2. The q54sj108a2_debugfs_read function suffers a stack buffer overflow due to incorrect bin2hex argument usage and insufficient output buffer size, causing writes beyond the stack. A fix expands the data_char buffer to 66 byt...

CVE-2026-43381

Summary : CVE-2026-43381 affects the Linux kernel nouveau driver. When runtime-suspend is active, a userspace process accessing /dev/drm_dp_* can trigger a system crash instead of receiving a proper busy status. The root cause is in the nouveau/dpcd path, where aux transfers may incorrectly crash...

CVE-2026-43382

Summary: CVE-2026-43382 affects the Linux kernel batman-adv component. The issue arises when batadv_v_elp_get_throughput() runs with the RTNL lock already held, which could cause a deadlock during cancellation of a work item. The fix switches to rtnl_trylock to skip ethtool retrieval if the RTNL ...

CVE-2026-43390

The CVE-2026-43390 issue affects the Linux kernel nstree component, where listing permissions were tightened so that even privileged services may not be allowed to view other privileged namespaces. The root cause is insufficient information isolation between namespaces; the kernel now uses may_se...

CVE-2026-43396

In the Linux kernel, the vulnerability CVE-2026-43396 is in the drm/xe/sync path. When dma_fence_chain_alloc() fails, the user fence reference is not released, causing a memory leak. Documented across multiple sources (Red Hat, SUSE, Ubuntu, Debian OSV entries, and NVD), the issue is fixed by the...

CVE-2026-43397

Technical details about CVE-2026-43397 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories.

CVE-2026-43400

CVE-2026-43400 affects the Linux kernel’s DRM/AMDGPU component. The vulnerability arises from missing upper-bound input validation in the amdgpu_userq_signal_ioctl handler, allowing huge input values to trigger an Out-Of-Memory (OOM) condition and thus a Denial of Service. The issue is mitigated ...

CVE-2026-43405

CVE-2026-43405 affects the Linux kernel libceph component, specifically ceph_monmap_decode(). The root cause is signedness mishandling: blob_len and num_mon are int, used to hold non-negative values that should be unsigned, leading to potential large allocations when an incoming num_mon is very l...

CVE-2026-43406

CVE-2026-43406 affects the Linux kernel libceph component. The issue is in process_message_header() where, if a message frame is corrupted or misrepresented, an out-of-bounds read may occur due to a missing explicit bounds check before decoding the header. The vulnerability can enable remote expl...

CVE-2026-43416

CVE-2026-43416 affects the Linux kernel: a NULL pointer dereference in perf stack tracing when current->mm is released, risking kernel panic during profiling with BPF. The root cause is a missing alive check before retrieving the user callchain for perf_callchain_user (and similar to a prior x...