CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43273 – ceph: supply snapshot context in ceph_zero_partial_object()
https://notcve.org/view.php?id=CVE-2026-43273
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: ceph: supply snapshot context in ceph_zero_partial_object() The ceph_zero_partial_object function was missing proper snapshot context for its OSD write operations, which could lead to data inconsistencies in snapshots. Reproducer: ../src/vstart.sh --new -x --localhost --bluestore ./bin/ceph auth caps client.fs_a mds 'allow rwps fsname=a' mon 'allow r fsname=a' osd 'allow rw tag cephfs data=a' mount -t ceph fs_a@.a=/ /mnt/mycephfs/ -o conf=.... • https://git.kernel.org/stable/c/ad7a60de882aca31afb58721db166f7e77afcd92 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43269 – drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback
https://notcve.org/view.php?id=CVE-2026-43269
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback After several commits, the slab memory increases. Some drm_crtc_commit objects are not freed. The atomic_destroy_state callback only put the framebuffer. Use the __drm_atomic_helper_plane_destroy_state() function to put all the objects that are no longer needed. It has been seen after hours of usage of a graphics application or using kmemleak: unreferenced object 0xc63a... • https://git.kernel.org/stable/c/2389fc1305fc1e2cf8b310a75463fefd3058bf48 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43268 – hfsplus: pretend special inodes as regular files
https://notcve.org/view.php?id=CVE-2026-43268
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: pretend special inodes as regular files Since commit af153bb63a33 ("vfs: catch invalid modes in may_open()") requires any inode be one of S_IFDIR/S_IFLNK/S_IFREG/S_IFCHR/S_IFBLK/ S_IFIFO/S_IFSOCK type, use S_IFREG for special inodes. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43264 – fbdev: of: display_timing: fix refcount leak in of_get_display_timings()
https://notcve.org/view.php?id=CVE-2026-43264
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: fbdev: of: display_timing: fix refcount leak in of_get_display_timings() of_parse_phandle() returns a device_node with refcount incremented, which is stored in 'entry' and then copied to 'native_mode'. When the error paths at lines 184 or 192 jump to 'entryfail', native_mode's refcount is not decremented, causing a refcount leak. Fix this by changing the goto target from 'entryfail' to 'timingfail', which properly calls of_node_put(native_m... • https://git.kernel.org/stable/c/cc3f414cf2e404130584b63d373161ba6fd24bc2 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-43262 – gfs2: fiemap page fault fix
https://notcve.org/view.php?id=CVE-2026-43262
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: gfs2: fiemap page fault fix In gfs2_fiemap(), we are calling iomap_fiemap() while holding the inode glock. This can lead to recursive glock taking if the fiemap buffer is memory mapped to the same inode and accessing it triggers a page fault. Fix by disabling page faults for iomap_fiemap() and faulting in the buffer by hand if necessary. Fixes xfstest generic/742. • https://git.kernel.org/stable/c/e9079cce201784632aed4b1a3121ee38c1ced0b6 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43258 – alpha: fix user-space corruption during memory compaction
https://notcve.org/view.php?id=CVE-2026-43258
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: alpha: fix user-space corruption during memory compaction Alpha systems can suffer sporadic user-space crashes and heap corruption when memory compaction is enabled. Symptoms include SIGSEGV, glibc allocator failures (e.g. "unaligned tcache chunk"), and compiler internal errors. The failures disappear when compaction is disabled or when using global TLB invalidation. The root cause is insufficient TLB shootdown during page migration. Alpha ... • https://git.kernel.org/stable/c/a48d07afdf18212de22b959715b16793c5a6e57a • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43257 – media: cx88: Add missing unmap in snd_cx88_hw_params()
https://notcve.org/view.php?id=CVE-2026-43257
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: media: cx88: Add missing unmap in snd_cx88_hw_params() In error path, add cx88_alsa_dma_unmap() to release resource acquired by cx88_alsa_dma_map(). • https://git.kernel.org/stable/c/b2c75abde0debfb824f72845c3ed77d4b66798a0 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43255 – wifi: libertas: fix WARNING in usb_tx_block
https://notcve.org/view.php?id=CVE-2026-43255
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix WARNING in usb_tx_block The function usb_tx_block() submits cardp->tx_urb without ensuring that any previous transmission on this URB has completed. If a second call occurs while the URB is still active (e.g. during rapid firmware loading), usb_submit_urb() detects the active state and triggers a warning: 'URB submitted while active'. Fix this by enforcing serialization: call usb_kill_urb() before submitting the new requ... • https://git.kernel.org/stable/c/876c9d3aeb989cf1961f2c228d309ba5dcfb1172 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43251 – HID: prodikeys: Check presence of pm->input_ep82
https://notcve.org/view.php?id=CVE-2026-43251
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: HID: prodikeys: Check presence of pm->input_ep82 Fake USB devices can send their own report descriptors for which the input_mapping() hook does not get called. In this case, pm->input_ep82 stays NULL, which leads to a crash later. This does not happen with the real device, but can be provoked by imposing as one. • https://git.kernel.org/stable/c/3a370ca1dcf8c80aff7a0a21d6b0f50ca2a151e9 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43250 – usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()
https://notcve.org/view.php?id=CVE-2026-43250
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke() The ChipIdea UDC driver can encounter "not page aligned sg buffer" errors when a USB device is reconnected after being disconnected during an active transfer. This occurs because _ep_nuke() returns requests to the gadget layer without properly unmapping DMA buffers or cleaning up scatter-gather bounce buffers. Root cause: When a disconnect happens during a multi-segment DMA transfer, ... • https://git.kernel.org/stable/c/aa69a8093ff985873cb44fe1157bd6db29a20fe4 • CWE-787: Out-of-bounds Write •