CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-43313 – ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()
https://notcve.org/view.php?id=CVE-2026-43313
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() In acpi_processor_errata_piix4(), the pointer dev is first assigned an IDE device and then reassigned an ISA device: dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB, ...); dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB_0, ...); If the first lookup succeeds but the second fails, dev becomes NULL. This leads to a potential null-pointer dereference when... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-43312 – media: i2c: ov5647: Initialize subdev before controls
https://notcve.org/view.php?id=CVE-2026-43312
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Initialize subdev before controls In ov5647_init_controls() we call v4l2_get_subdevdata, but it is initialized by v4l2_i2c_subdev_init() in the probe, which currently happens after init_controls(). This can result in a segfault if the error condition is hit, and we try to access i2c_client, so fix the order. • https://git.kernel.org/stable/c/4974c2f19fd810ec9a4e534bfc69e176256b7a03 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2026-43310 – media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC
https://notcve.org/view.php?id=CVE-2026-43310
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot decode simultaneously; otherwise, it will cause below bus error and produce corrupted pictures, even potentially lead to system hang. [ 110.527986] hantro-vpu 38310000.video-codec: frame decode timed out. [ 110.583517] hantro-vpu 38310000.video-codec: bus error detected. Therefore, it is... • https://git.kernel.org/stable/c/cb5dd5a0fa518dff14ff2b90837c3c8f98f4dd5c •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2026-43309 – md raid: fix hang when stopping arrays with metadata through dm-raid
https://notcve.org/view.php?id=CVE-2026-43309
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: md raid: fix hang when stopping arrays with metadata through dm-raid When using device-mapper's dm-raid target, stopping a RAID array can cause the system to hang under specific conditions. This occurs when: - A dm-raid managed device tree is suspended from top to bottom (the top-level RAID device is suspended first, followed by its underlying metadata and data devices) - The top-level RAID device is then removed Removing the top-level devi... • https://git.kernel.org/stable/c/0dd84b319352bb8ba64752d4e45396d8b13e6018 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2026-43308 – btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()
https://notcve.org/view.php?id=CVE-2026-43308
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref() There is no need to BUG(), we can just return an error and log an error message. • https://git.kernel.org/stable/c/5d4f98a28c7d334091c1b7744f48a1acdd2a4ae0 •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2026-43304 – libceph: define and enforce CEPH_MAX_KEY_LEN
https://notcve.org/view.php?id=CVE-2026-43304
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPH_MAX_KEY_LEN When decoding the key, verify that the key material would fit into a fixed-size buffer in process_auth_done() and generally has a sane length. The new CEPH_MAX_KEY_LEN check replaces the existing check for a key with no key material which is a) not universal since CEPH_CRYPTO_NONE has to be excluded and b) doesn't provide much value since a smaller than needed key is just as invalid as no key -- ... • https://git.kernel.org/stable/c/cd1a677cad994021b19665ed476aea63f5d54f31 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2026-43303 – mm/page_alloc: clear page->private in free_pages_prepare()
https://notcve.org/view.php?id=CVE-2026-43303
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: clear page->private in free_pages_prepare() Several subsystems (slub, shmem, ttm, etc.) use page->private but don't clear it before freeing pages. When these pages are later allocated as high-order pages and split via split_page(), tail pages retain stale page->private values. This causes a use-after-free in the swap subsystem. The swap code uses page->private to track swap count continuations, assuming freshly allocated page... • https://git.kernel.org/stable/c/3b8000ae185cb068adbda5f966a3835053c85fd4 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-43302 – drm/v3d: Set DMA segment size to avoid debug warnings
https://notcve.org/view.php?id=CVE-2026-43302
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings When using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the kernel occasionally reports a segment size mismatch. This is because 'max_seg_size' is not set. The kernel defaults to 64K. setting 'max_seg_size' to the maximum will prevent 'debug_dma_map_sg()' from complaining about the over-mapping of the V3D segment length. DMA-API: v3d 1002000000.v3d: mapping sg segment longer than dev... • https://git.kernel.org/stable/c/57692c94dcbe99a1e0444409a3da13fb3443562c • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2026-43299 – btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure()
https://notcve.org/view.php?id=CVE-2026-43299
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure() [BUG] There is a bug report that when btrfs hits ENOSPC error in a critical path, btrfs flips RO (this part is expected, although the ENOSPC bug still needs to be addressed). The problem is after the RO flip, if there is a read repair pending, we can hit the ASSERT() inside btrfs_repair_io_failure() like the following: BTRFS info (device vdc): relocating block grou... • https://git.kernel.org/stable/c/908960c6c0fb3b3ce3971dc0ca47b581d256b968 •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43296 – octeontx2-af: Workaround SQM/PSE stalls by disabling sticky
https://notcve.org/view.php?id=CVE-2026-43296
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Workaround SQM/PSE stalls by disabling sticky NIX SQ manager sticky mode is known to cause stalls when multiple SQs share an SMQ and transmit concurrently. Additionally, PSE may deadlock on transitions between sticky and non-sticky transmissions. There is also a credit drop issue observed when certain condition clocks are gated. work around these hardware errata by: - Disabling SQM sticky operation: - Clear TM6 (bit 15) - Clea... • https://git.kernel.org/stable/c/5d9b976d4480dc0dcfa3719b645636d2f0f9f156 • CWE-667: Improper Locking •