CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43296 – octeontx2-af: Workaround SQM/PSE stalls by disabling sticky
https://notcve.org/view.php?id=CVE-2026-43296
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Workaround SQM/PSE stalls by disabling sticky NIX SQ manager sticky mode is known to cause stalls when multiple SQs share an SMQ and transmit concurrently. Additionally, PSE may deadlock on transitions between sticky and non-sticky transmissions. There is also a credit drop issue observed when certain condition clocks are gated. work around these hardware errata by: - Disabling SQM sticky operation: - Clear TM6 (bit 15) - Clea... • https://git.kernel.org/stable/c/5d9b976d4480dc0dcfa3719b645636d2f0f9f156 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43295 – rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net()
https://notcve.org/view.php?id=CVE-2026-43295
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() When idtab allocation fails, net is not registered with rio_add_net() yet, so kfree(net) is sufficient to release the memory. Set mport->net to NULL to avoid dangling pointer. • https://git.kernel.org/stable/c/e6b585ca6e81badeb3d42db3cc408174f2826034 •
CVSS: -EPSS: 0%CPEs: 11EXPL: 0CVE-2026-43289 – kexec: derive purgatory entry from symbol
https://notcve.org/view.php?id=CVE-2026-43289
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: kexec: derive purgatory entry from symbol kexec_load_purgatory() derives image->start by locating e_entry inside an SHF_EXECINSTR section. If the purgatory object contains multiple executable sections with overlapping sh_addr, the entrypoint check can match more than once and trigger a WARN. Derive the entry section from the purgatory_start symbol when present and compute image->start from its final placement. Keep the existing e_entry fall... • https://git.kernel.org/stable/c/f368aed4827bd4276c0e3664fb2cb815a8d7caf3 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2026-43288 – ext4: move ext4_percpu_param_init() before ext4_mb_init()
https://notcve.org/view.php?id=CVE-2026-43288
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: ext4: move ext4_percpu_param_init() before ext4_mb_init() When running `kvm-xfstests -c ext4/1k -C 1 generic/383` with the `DOUBLE_CHECK` macro defined, the following panic is triggered: ================================================================== EXT4-fs error (device vdc): ext4_validate_block_bitmap:423: comm mount: bg 0: bad block bitmap checksum BUG: unable to handle page fault for address: ff110000fa2cc000 PGD 3e01067 P4D 3e02067... • https://git.kernel.org/stable/c/d5e03cbb0c88cd1be39f2adc37d602230045964b •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43287 – drm: Account property blob allocations to memcg
https://notcve.org/view.php?id=CVE-2026-43287
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: drm: Account property blob allocations to memcg DRM_IOCTL_MODE_CREATEPROPBLOB allows userspace to allocate arbitrary-sized property blobs backed by kernel memory. Currently, the blob data allocation is not accounted to the allocating process's memory cgroup, allowing unprivileged users to trigger unbounded kernel memory consumption and potentially cause system-wide OOM. Mark the property blob data allocation with GFP_KERNEL_ACCOUNT so that ... • https://git.kernel.org/stable/c/e2f5d2ea479b9b2619965d43db70939589afe43a •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-71297 – wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode()
https://notcve.org/view.php?id=CVE-2025-71297
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() rtw8822b_set_antenna() can be called from userspace when the chip is powered off. In that case a WARNING is triggered in rtw8822b_config_trx_mode() because trying to read the RF registers when the chip is powered off returns an unexpected value. Call rtw8822b_config_trx_mode() in rtw8822b_set_antenna() only when the chip is powered on. ------------[ cut here ]------------ write... • https://git.kernel.org/stable/c/297bcf8222f222fd7defead862de4b8e3ea0b08a •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2026-43284 – xfrm: esp: avoid in-place decrypt on shared skb frags
https://notcve.org/view.php?id=CVE-2026-43284
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packet data can first make a private copy. The IPv4/IPv6 datagram append paths did not set this flag when splicing pages into UDP skbs. That leaves an ESP-in-UDP packet made from shared pipe pages looking like an ordinar... • https://git.kernel.org/stable/c/cac2661c53f35cbe651bef9b07026a5a05ab8ce0 • CWE-123: Write-what-where Condition •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-71292 – jfs: nlink overflow in jfs_rename
https://notcve.org/view.php?id=CVE-2025-71292
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: jfs: nlink overflow in jfs_rename If nlink is maximal for a directory (-1) and inside that directory you perform a rename for some child directory (not moving from the parent), then the nlink of the first directory is first incremented and later decremented. Normally this is fine, but when nlink = -1 this causes a wrap around to 0, and then drop_nlink issues a warning. After applying the patch syzbot no longer issues any warnings. I also ra... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-71289 – fs/ntfs3: handle attr_set_size() errors when truncating files
https://notcve.org/view.php?id=CVE-2025-71289
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle attr_set_size() errors when truncating files If attr_set_size() fails while truncating down, the error is silently ignored and the inode may be left in an inconsistent state. • https://git.kernel.org/stable/c/4342306f0f0d5ff4315a204d315c1b51b914fca5 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-71287 – memory: mtk-smi: fix device leak on larb probe
https://notcve.org/view.php?id=CVE-2025-71287
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: memory: mtk-smi: fix device leak on larb probe Make sure to drop the reference taken when looking up the SMI device during larb probe on late probe failure (e.g. probe deferral) and on driver unbind. • https://git.kernel.org/stable/c/cc8bbe1a83128ad06457e4dc69907c4f9a6fc1a7 • CWE-401: Missing Release of Memory after Effective Lifetime •