CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43470 – nfs: return EISDIR on nfs3_proc_create if d_alias is a dir
https://notcve.org/view.php?id=CVE-2026-43470
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: nfs: return EISDIR on nfs3_proc_create if d_alias is a dir If we found an alias through nfs3_do_create/nfs_add_or_obtain /d_splice_alias which happens to be a dir dentry, we don't return any error, and simply forget about this alias, but the original dentry we were adding and passed as parameter remains negative. This later causes an oops on nfs_atomic_open_v23/finish_open since we supply a negative dentry to do_dentry_open. This has been o... • https://git.kernel.org/stable/c/7c6c5249f061b64fc6b5b90bc147169a048691bf •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-43469 – xprtrdma: Decrement re_receiving on the early exit paths
https://notcve.org/view.php?id=CVE-2026-43469
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Decrement re_receiving on the early exit paths In the event that rpcrdma_post_recvs() fails to create a work request (due to memory allocation failure, say) or otherwise exits early, we should decrement ep->re_receiving before returning. Otherwise we will hang in rpcrdma_xprt_drain() as re_receiving will never reach zero and the completion will never be triggered. On a system with high memory pressure, this can appear as the follo... • https://git.kernel.org/stable/c/15788d1d1077ebe029c48842c738876516d85076 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-43468 – net/mlx5: Fix deadlock between devlink lock and esw->wq
https://notcve.org/view.php?id=CVE-2026-43468
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix deadlock between devlink lock and esw->wq esw->work_queue executes esw_functions_changed_event_handler -> esw_vfs_changed_event_handler and acquires the devlink lock. .eswitch_mode_set (acquires devlink lock in devlink_nl_pre_doit) -> mlx5_devlink_eswitch_mode_set -> mlx5_eswitch_disable_locked -> mlx5_eswitch_event_handler_unregister -> flush_workqueue deadlocks when esw_vfs_changed_event_handler executes. Fix that by no long... • https://git.kernel.org/stable/c/f1bc646c9a06f09aad5d8bacb87103b5573ee45e •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2026-43467 – net/mlx5: Fix crash when moving to switchdev mode
https://notcve.org/view.php?id=CVE-2026-43467
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix crash when moving to switchdev mode When moving to switchdev mode when the device doesn't support IPsec, we try to clean up the IPsec resources anyway which causes the crash below, fix that by correctly checking for IPsec support before trying to clean up its resources. [27642.515799] WARNING: arch/x86/mm/fault.c:1276 at do_user_addr_fault+0x18a/0x680, CPU#4: devlink/6490 [27642.517159] Modules linked in: xt_conntrack xt_MASQU... • https://git.kernel.org/stable/c/7e212cebc863c2c7a82f480446cd731721451691 •
CVSS: 8.2EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43466 – net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery
https://notcve.org/view.php?id=CVE-2026-43466
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery In case of a TX error CQE, a recovery flow is triggered, mlx5e_reset_txqsq_cc_pc() resets dma_fifo_cc to 0 but not dma_fifo_pc, desyncing the DMA FIFO producer and consumer. After recovery, the producer pushes new DMA entries at the old dma_fifo_pc, while the consumer reads from position 0. This causes us to unmap stale DMA addresses from before the recovery. The DMA FIFO is a purely s... • https://git.kernel.org/stable/c/db75373c91b0cfb6a68ad6ae88721e4e21ae6261 •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2026-43465 – net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ
https://notcve.org/view.php?id=CVE-2026-43465
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ XDP multi-buf programs can modify the layout of the XDP buffer when the program calls bpf_xdp_pull_data() or bpf_xdp_adjust_tail(). The referenced commit in the fixes tag corrected the assumption in the mlx5 driver that the XDP buffer layout doesn't change during a program execution. However, this fix introduced another issue: the dropped fragments still need to be counted on th... • https://git.kernel.org/stable/c/87bcef158ac1faca1bd7e0104588e8e2956d10be •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2026-43464 – net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ
https://notcve.org/view.php?id=CVE-2026-43464
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ XDP multi-buf programs can modify the layout of the XDP buffer when the program calls bpf_xdp_pull_data() or bpf_xdp_adjust_tail(). The referenced commit in the fixes tag corrected the assumption in the mlx5 driver that the XDP buffer layout doesn't change during a program execution. However, this fix introduced another issue: the dropped fragments still need to be counted on the ... • https://git.kernel.org/stable/c/afd5ba577c10639f62e8120df67dc70ea4b61176 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43463 – rxrpc, afs: Fix missing error pointer check after rxrpc_kernel_lookup_peer()
https://notcve.org/view.php?id=CVE-2026-43463
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: rxrpc, afs: Fix missing error pointer check after rxrpc_kernel_lookup_peer() rxrpc_kernel_lookup_peer() can also return error pointers in addition to NULL, so just checking for NULL is not sufficient. Fix this by: (1) Changing rxrpc_kernel_lookup_peer() to return -ENOMEM rather than NULL on allocation failure. (2) Making the callers in afs use IS_ERR() and PTR_ERR() to pass on the error code returned. • https://git.kernel.org/stable/c/72904d7b9bfbf2dd146254edea93958bc35bbbfe •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-43462 – net: spacemit: Fix error handling in emac_tx_mem_map()
https://notcve.org/view.php?id=CVE-2026-43462
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: net: spacemit: Fix error handling in emac_tx_mem_map() The DMA mappings were leaked on mapping error. Free them with the existing emac_free_tx_buf() function. • https://git.kernel.org/stable/c/bfec6d7f2001c7470c3cd261ae65a3ba8737f226 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2026-43461 – spi: amlogic: spifc-a4: Fix DMA mapping error handling
https://notcve.org/view.php?id=CVE-2026-43461
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: Fix DMA mapping error handling Fix three bugs in aml_sfc_dma_buffer_setup() error paths: 1. Unnecessary goto: When the first DMA mapping (sfc->daddr) fails, nothing needs cleanup. Use direct return instead of goto. 2. Double-unmap bug: When info DMA mapping failed, the code would unmap sfc->daddr inline, then fall through to out_map_data which would unmap it again, causing a double-unmap. 3. Wrong unmap size: The out... • https://git.kernel.org/stable/c/4670db6f32e9379f5ab6c9bb2a6787cd9b9230a9 •