CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-43301 – media: chips-media: wave5: Fix PM runtime usage count underflow
https://notcve.org/view.php?id=CVE-2026-43301
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix PM runtime usage count underflow Replace pm_runtime_put_sync() with pm_runtime_dont_use_autosuspend() in the remove path to properly pair with pm_runtime_use_autosuspend() from probe. This allows pm_runtime_disable() to handle reference count cleanup correctly regardless of current suspend state. The driver calls pm_runtime_put_sync() unconditionally in remove, but the device may already be suspended due to au... • https://git.kernel.org/stable/c/9707a6254a8a6b978bde811a44fe07d86c229d1c • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43300 – drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove()
https://notcve.org/view.php?id=CVE-2026-43300
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() In jdi_panel_dsi_remove(), jdi is explicitly checked, indicating that it may be NULL: if (!jdi) mipi_dsi_detach(dsi); However, when jdi is NULL, the function does not return and continues by calling jdi_panel_disable(): err = jdi_panel_disable(&jdi->base); Inside jdi_panel_disable(), jdi is dereferenced unconditionally, which can lead to a NULL-pointer dereference:... • https://git.kernel.org/stable/c/25205087df1ffe06ccea9302944ed1f77dc68c6f • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2026-43299 – btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure()
https://notcve.org/view.php?id=CVE-2026-43299
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure() [BUG] There is a bug report that when btrfs hits ENOSPC error in a critical path, btrfs flips RO (this part is expected, although the ENOSPC bug still needs to be addressed). The problem is after the RO flip, if there is a read repair pending, we can hit the ASSERT() inside btrfs_repair_io_failure() like the following: BTRFS info (device vdc): relocating block grou... • https://git.kernel.org/stable/c/908960c6c0fb3b3ce3971dc0ca47b581d256b968 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-43298 – drm/amdgpu: Skip vcn poison irq release on VF
https://notcve.org/view.php?id=CVE-2026-43298
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Skip vcn poison irq release on VF VF doesn't enable VCN poison irq in VCNv2.5. Skip releasing it and avoid call trace during deinitialization. [ 71.913601] [drm] clean up the vf2pf work item [ 71.915088] ------------[ cut here ]------------ [ 71.915092] WARNING: CPU: 3 PID: 1079 at /tmp/amd.aFkFvSQl/amd/amdgpu/amdgpu_irq.c:641 amdgpu_irq_put+0xc6/0xe0 [amdgpu] [ 71.915355] Modules linked in: amdgpu(OE-) amddrm_ttm_helper(OE) amd... • https://git.kernel.org/stable/c/46d75d23005f87057881c460a94f9357d079087f •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43297 – media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init()
https://notcve.org/view.php?id=CVE-2026-43297
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init() rga_get_frame() can return ERR_PTR(-EINVAL) when buffer type is unsupported or invalid. rga_buf_init() does not check the return value and unconditionally dereferences the pointer when accessing f->size. Add proper ERR_PTR checking and return the error to prevent dereferencing an invalid pointer. • https://git.kernel.org/stable/c/6040702ade234c8212dcfdef85e2f5549aa2f0f5 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43296 – octeontx2-af: Workaround SQM/PSE stalls by disabling sticky
https://notcve.org/view.php?id=CVE-2026-43296
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Workaround SQM/PSE stalls by disabling sticky NIX SQ manager sticky mode is known to cause stalls when multiple SQs share an SMQ and transmit concurrently. Additionally, PSE may deadlock on transitions between sticky and non-sticky transmissions. There is also a credit drop issue observed when certain condition clocks are gated. work around these hardware errata by: - Disabling SQM sticky operation: - Clear TM6 (bit 15) - Clea... • https://git.kernel.org/stable/c/5d9b976d4480dc0dcfa3719b645636d2f0f9f156 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43295 – rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net()
https://notcve.org/view.php?id=CVE-2026-43295
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() When idtab allocation fails, net is not registered with rio_add_net() yet, so kfree(net) is sufficient to release the memory. Set mport->net to NULL to avoid dangling pointer. • https://git.kernel.org/stable/c/e6b585ca6e81badeb3d42db3cc408174f2826034 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-43294 – drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels
https://notcve.org/view.php?id=CVE-2026-43294
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels Since commit 56de5e305d4b ("clk: renesas: r9a07g044: Add MSTOP for RZ/G2L") we may get the following kernel panic, for some panels, when rebooting: systemd-shutdown[1]: Rebooting. Call trace: ... do_serror+0x28/0x68 el1h_64_error_handler+0x34/0x50 el1h_64_error+0x6c/0x70 rzg2l_mipi_dsi_host_transfer+0x114/0x458 (P) mipi_dsi_device_transfer+0x44/0x58 mipi_dsi_dcs_... • https://git.kernel.org/stable/c/7a043f978ed1433bddb088a732e9bb91501ebd76 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43293 – media: chips-media: wave5: Fix kthread worker destruction in polling mode
https://notcve.org/view.php?id=CVE-2026-43293
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix kthread worker destruction in polling mode Fix the cleanup order in polling mode (irq < 0) to prevent kernel warnings during module removal. Cancel the hrtimer before destroying the kthread worker to ensure work queues are empty. In polling mode, the driver uses hrtimer to periodically trigger wave5_vpu_timer_callback() which queues work via kthread_queue_work(). The kthread_destroy_worker() function validates... • https://git.kernel.org/stable/c/ed7276ed2fd02208bfca9f222ef1e7b2743d710d •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43292 – mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node
https://notcve.org/view.php?id=CVE-2026-43292
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node When CONFIG_PAGE_OWNER is enabled, freeing KASAN shadow pages during vmalloc cleanup triggers expensive stack unwinding that acquires RCU read locks. Processing a large purge_list without rescheduling can cause the task to hold CPU for extended periods (10+ seconds), leading to RCU stalls and potential OOM conditions. The issue manifests in purge_vmap_node() -> kasan_release_vmall... • https://git.kernel.org/stable/c/282631cb2447318e2a55b41a665dbe8571c46d70 •