CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2026-43311 – soc/tegra: pmc: Fix unsafe generic_handle_irq() call
https://notcve.org/view.php?id=CVE-2026-43311
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: soc/tegra: pmc: Fix unsafe generic_handle_irq() call Currently, when resuming from system suspend on Tegra platforms, the following warning is observed: WARNING: CPU: 0 PID: 14459 at kernel/irq/irqdesc.c:666 Call trace: handle_irq_desc+0x20/0x58 (P) tegra186_pmc_wake_syscore_resume+0xe4/0x15c syscore_resume+0x3c/0xb8 suspend_devices_and_enter+0x510/0x540 pm_suspend+0x16c/0x1d8 The warning occurs because generic_handle_irq() is being called ... • https://git.kernel.org/stable/c/0474cc8489bda9a8cd6a10252e7e6af29c849438 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2026-43310 – media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC
https://notcve.org/view.php?id=CVE-2026-43310
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot decode simultaneously; otherwise, it will cause below bus error and produce corrupted pictures, even potentially lead to system hang. [ 110.527986] hantro-vpu 38310000.video-codec: frame decode timed out. [ 110.583517] hantro-vpu 38310000.video-codec: bus error detected. Therefore, it is... • https://git.kernel.org/stable/c/cb5dd5a0fa518dff14ff2b90837c3c8f98f4dd5c •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2026-43309 – md raid: fix hang when stopping arrays with metadata through dm-raid
https://notcve.org/view.php?id=CVE-2026-43309
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: md raid: fix hang when stopping arrays with metadata through dm-raid When using device-mapper's dm-raid target, stopping a RAID array can cause the system to hang under specific conditions. This occurs when: - A dm-raid managed device tree is suspended from top to bottom (the top-level RAID device is suspended first, followed by its underlying metadata and data devices) - The top-level RAID device is then removed Removing the top-level devi... • https://git.kernel.org/stable/c/0dd84b319352bb8ba64752d4e45396d8b13e6018 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2026-43308 – btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()
https://notcve.org/view.php?id=CVE-2026-43308
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref() There is no need to BUG(), we can just return an error and log an error message. • https://git.kernel.org/stable/c/5d4f98a28c7d334091c1b7744f48a1acdd2a4ae0 •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2026-43304 – libceph: define and enforce CEPH_MAX_KEY_LEN
https://notcve.org/view.php?id=CVE-2026-43304
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPH_MAX_KEY_LEN When decoding the key, verify that the key material would fit into a fixed-size buffer in process_auth_done() and generally has a sane length. The new CEPH_MAX_KEY_LEN check replaces the existing check for a key with no key material which is a) not universal since CEPH_CRYPTO_NONE has to be excluded and b) doesn't provide much value since a smaller than needed key is just as invalid as no key -- ... • https://git.kernel.org/stable/c/cd1a677cad994021b19665ed476aea63f5d54f31 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2026-43303 – mm/page_alloc: clear page->private in free_pages_prepare()
https://notcve.org/view.php?id=CVE-2026-43303
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: clear page->private in free_pages_prepare() Several subsystems (slub, shmem, ttm, etc.) use page->private but don't clear it before freeing pages. When these pages are later allocated as high-order pages and split via split_page(), tail pages retain stale page->private values. This causes a use-after-free in the swap subsystem. The swap code uses page->private to track swap count continuations, assuming freshly allocated page... • https://git.kernel.org/stable/c/3b8000ae185cb068adbda5f966a3835053c85fd4 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-43302 – drm/v3d: Set DMA segment size to avoid debug warnings
https://notcve.org/view.php?id=CVE-2026-43302
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings When using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the kernel occasionally reports a segment size mismatch. This is because 'max_seg_size' is not set. The kernel defaults to 64K. setting 'max_seg_size' to the maximum will prevent 'debug_dma_map_sg()' from complaining about the over-mapping of the V3D segment length. DMA-API: v3d 1002000000.v3d: mapping sg segment longer than dev... • https://git.kernel.org/stable/c/57692c94dcbe99a1e0444409a3da13fb3443562c • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2026-43299 – btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure()
https://notcve.org/view.php?id=CVE-2026-43299
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure() [BUG] There is a bug report that when btrfs hits ENOSPC error in a critical path, btrfs flips RO (this part is expected, although the ENOSPC bug still needs to be addressed). The problem is after the RO flip, if there is a read repair pending, we can hit the ASSERT() inside btrfs_repair_io_failure() like the following: BTRFS info (device vdc): relocating block grou... • https://git.kernel.org/stable/c/908960c6c0fb3b3ce3971dc0ca47b581d256b968 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-43298 – drm/amdgpu: Skip vcn poison irq release on VF
https://notcve.org/view.php?id=CVE-2026-43298
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Skip vcn poison irq release on VF VF doesn't enable VCN poison irq in VCNv2.5. Skip releasing it and avoid call trace during deinitialization. [ 71.913601] [drm] clean up the vf2pf work item [ 71.915088] ------------[ cut here ]------------ [ 71.915092] WARNING: CPU: 3 PID: 1079 at /tmp/amd.aFkFvSQl/amd/amdgpu/amdgpu_irq.c:641 amdgpu_irq_put+0xc6/0xe0 [amdgpu] [ 71.915355] Modules linked in: amdgpu(OE-) amddrm_ttm_helper(OE) amd... • https://git.kernel.org/stable/c/46d75d23005f87057881c460a94f9357d079087f •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43296 – octeontx2-af: Workaround SQM/PSE stalls by disabling sticky
https://notcve.org/view.php?id=CVE-2026-43296
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Workaround SQM/PSE stalls by disabling sticky NIX SQ manager sticky mode is known to cause stalls when multiple SQs share an SMQ and transmit concurrently. Additionally, PSE may deadlock on transitions between sticky and non-sticky transmissions. There is also a credit drop issue observed when certain condition clocks are gated. work around these hardware errata by: - Disabling SQM sticky operation: - Clear TM6 (bit 15) - Clea... • https://git.kernel.org/stable/c/5d9b976d4480dc0dcfa3719b645636d2f0f9f156 • CWE-667: Improper Locking •