CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2026-43261 – arm64: Add support for TSV110 Spectre-BHB mitigation
https://notcve.org/view.php?id=CVE-2026-43261
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: arm64: Add support for TSV110 Spectre-BHB mitigation The TSV110 processor is vulnerable to the Spectre-BHB (Branch History Buffer) attack, which can be exploited to leak information through branch prediction side channels. This commit adds the MIDR of TSV110 to the list for software mitigation. • https://git.kernel.org/stable/c/e192c8baa69ac8a5585d61ac535aa1e5eb795e80 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43258 – alpha: fix user-space corruption during memory compaction
https://notcve.org/view.php?id=CVE-2026-43258
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: alpha: fix user-space corruption during memory compaction Alpha systems can suffer sporadic user-space crashes and heap corruption when memory compaction is enabled. Symptoms include SIGSEGV, glibc allocator failures (e.g. "unaligned tcache chunk"), and compiler internal errors. The failures disappear when compaction is disabled or when using global TLB invalidation. The root cause is insufficient TLB shootdown during page migration. Alpha ... • https://git.kernel.org/stable/c/a48d07afdf18212de22b959715b16793c5a6e57a • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43257 – media: cx88: Add missing unmap in snd_cx88_hw_params()
https://notcve.org/view.php?id=CVE-2026-43257
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: media: cx88: Add missing unmap in snd_cx88_hw_params() In error path, add cx88_alsa_dma_unmap() to release resource acquired by cx88_alsa_dma_map(). • https://git.kernel.org/stable/c/b2c75abde0debfb824f72845c3ed77d4b66798a0 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43255 – wifi: libertas: fix WARNING in usb_tx_block
https://notcve.org/view.php?id=CVE-2026-43255
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix WARNING in usb_tx_block The function usb_tx_block() submits cardp->tx_urb without ensuring that any previous transmission on this URB has completed. If a second call occurs while the URB is still active (e.g. during rapid firmware loading), usb_submit_urb() detects the active state and triggers a warning: 'URB submitted while active'. Fix this by enforcing serialization: call usb_kill_urb() before submitting the new requ... • https://git.kernel.org/stable/c/876c9d3aeb989cf1961f2c228d309ba5dcfb1172 •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2026-43253 – iommu/amd: move wait_on_sem() out of spinlock
https://notcve.org/view.php?id=CVE-2026-43253
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: iommu/amd: move wait_on_sem() out of spinlock With iommu.strict=1, the existing completion wait path can cause soft lockups under stressed environment, as wait_on_sem() busy-waits under the spinlock with interrupts disabled. Move the completion wait in iommu_completion_wait() out of the spinlock. wait_on_sem() only polls the hardware-updated cmd_sem and does not require iommu->lock, so holding the lock during the busy wait unnecessarily inc... • https://git.kernel.org/stable/c/4bf5beef578e46393f11eb69dda7d17a065e05ff • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43251 – HID: prodikeys: Check presence of pm->input_ep82
https://notcve.org/view.php?id=CVE-2026-43251
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: HID: prodikeys: Check presence of pm->input_ep82 Fake USB devices can send their own report descriptors for which the input_mapping() hook does not get called. In this case, pm->input_ep82 stays NULL, which leads to a crash later. This does not happen with the real device, but can be provoked by imposing as one. • https://git.kernel.org/stable/c/3a370ca1dcf8c80aff7a0a21d6b0f50ca2a151e9 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43250 – usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()
https://notcve.org/view.php?id=CVE-2026-43250
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke() The ChipIdea UDC driver can encounter "not page aligned sg buffer" errors when a USB device is reconnected after being disconnected during an active transfer. This occurs because _ep_nuke() returns requests to the gadget layer without properly unmapping DMA buffers or cleaning up scatter-gather bounce buffers. Root cause: When a disconnect happens during a multi-segment DMA transfer, ... • https://git.kernel.org/stable/c/aa69a8093ff985873cb44fe1157bd6db29a20fe4 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2026-43249 – 9p/xen: protect xen_9pfs_front_free against concurrent calls
https://notcve.org/view.php?id=CVE-2026-43249
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: 9p/xen: protect xen_9pfs_front_free against concurrent calls The xenwatch thread can race with other back-end change notifications and call xen_9pfs_front_free() twice, hitting the observed general protection fault due to a double-free. Guard the teardown path so only one caller can release the front-end state at a time, preventing the crash. This is a fix for the following double-free: [ 27.052347] Oops: general protection fault, probably ... • https://git.kernel.org/stable/c/c15fe55d14b3b4ded5af2a3260877460a6ffb8ad • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43246 – media: i2c/tw9906: Fix potential memory leak in tw9906_probe()
https://notcve.org/view.php?id=CVE-2026-43246
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: media: i2c/tw9906: Fix potential memory leak in tw9906_probe() In one of the error paths in tw9906_probe(), the memory allocated in v4l2_ctrl_handler_init() and v4l2_ctrl_new_std() is not freed. Fix that by calling v4l2_ctrl_handler_free() on the handler in that error path. • https://git.kernel.org/stable/c/a000e9a02b5885b1b69f691c80e346d102f94a88 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43244 – kcm: fix zero-frag skb in frag_list on partial sendmsg error
https://notcve.org/view.php?id=CVE-2026-43244
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: kcm: fix zero-frag skb in frag_list on partial sendmsg error Syzkaller reported a warning in kcm_write_msgs() when processing a message with a zero-fragment skb in the frag_list. When kcm_sendmsg() fills MAX_SKB_FRAGS fragments in the current skb, it allocates a new skb (tskb) and links it into the frag_list before copying data. If the copy subsequently fails (e.g. -EFAULT from user memory), tskb remains in the frag_list with zero fragments... • https://git.kernel.org/stable/c/ab7ac4eb9832e32a09f4e8042705484d2fb0aad3 • CWE-401: Missing Release of Memory after Effective Lifetime •