CVSS: 9.4EPSS: 0%CPEs: 7EXPL: 0CVE-2026-43383 – net/tcp-md5: Fix MAC comparison to be constant-time
https://notcve.org/view.php?id=CVE-2026-43383
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this. • https://git.kernel.org/stable/c/cfb6eeb4c860592edd123fdea908d23c6ad1c7dc •
CVSS: -EPSS: 0%CPEs: 10EXPL: 0CVE-2026-43382 – batman-adv: Avoid double-rtnl_lock ELP metric worker
https://notcve.org/view.php?id=CVE-2026-43382
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid double-rtnl_lock ELP metric worker batadv_v_elp_get_throughput() might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via cancel_delayed_work_sync() in batadv_v_elp_iface_disable(). In this case, an rtnl_lock() would cause a deadlock. To avoid this, rtnl_trylock() was used in this function to skip the retrieval of the ethtool information in case the RTNL lock w... • https://git.kernel.org/stable/c/a0019971f340ae02ba54cf1861f72da7e03e6b66 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43381 – nouveau/dpcd: return EBUSY for aux xfer if the device is asleep
https://notcve.org/view.php?id=CVE-2026-43381
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: nouveau/dpcd: return EBUSY for aux xfer if the device is asleep If we have runtime suspended, and userspace wants to use /dev/drm_dp_* then just tell it the device is busy instead of crashing in the GSP code. WARNING: CPU: 2 PID: 565741 at drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/rpc.c:164 r535_gsp_msgq_wait+0x9a/0xb0 [nouveau] CPU: 2 UID: 0 PID: 565741 Comm: fwupd Not tainted 6.18.10-200.fc43.x86_64 #1 PREEMPT(lazy) Hardware name: L... • https://git.kernel.org/stable/c/8894f4919bc43f821775db2cfff4b917871b2102 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-43380 – hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read
https://notcve.org/view.php?id=CVE-2026-43380
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read The q54sj108a2_debugfs_read function suffers from a stack buffer overflow due to incorrect arguments passed to bin2hex(). The function currently passes 'data' as the destination and 'data_char' as the source. Because bin2hex() converts each input byte into two hex characters, a 32-byte block read results in 64 bytes of output. Since 'data' is only 34 bytes (I2C_SMBUS_BLOCK_MAX + 2... • https://git.kernel.org/stable/c/d014538aa38561cd24c5eb228223585f26c5ec71 •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43373 – net: ncsi: fix skb leak in error paths
https://notcve.org/view.php?id=CVE-2026-43373
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: net: ncsi: fix skb leak in error paths Early return paths in NCSI RX and AEN handlers fail to release the received skb, resulting in a memory leak. Specifically, ncsi_aen_handler() returns on invalid AEN packets without consuming the skb. Similarly, ncsi_rcv_rsp() exits early when failing to resolve the NCSI device, response handler, or request, leaving the skb unfreed. • https://git.kernel.org/stable/c/138635cc27c9737f940c3aa80912ff7a61c825af • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43370 – drm/amdgpu: Fix use-after-free race in VM acquire
https://notcve.org/view.php?id=CVE-2026-43370
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free race in VM acquire Replace non-atomic vm->process_info assignment with cmpxchg() to prevent race when parent/child processes sharing a drm_file both try to acquire the same VM after fork(). (cherry picked from commit c7c573275ec20db05be769288a3e3bb2250ec618) • https://git.kernel.org/stable/c/ede0dd86f45adf2b7083bb161f6bc81da5fe2bad • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43363 – x86/apic: Disable x2apic on resume if the kernel expects so
https://notcve.org/view.php?id=CVE-2026-43363
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: x86/apic: Disable x2apic on resume if the kernel expects so When resuming from s2ram, firmware may re-enable x2apic mode, which may have been disabled by the kernel during boot either because it doesn't support IRQ remapping or for other reasons. This causes the kernel to continue using the xapic interface, while the hardware is in x2apic mode, which causes hangs. This happens on defconfig + bare metal + s2ram. Fix this in lapic_resume() by... • https://git.kernel.org/stable/c/6e1cb38a2aef7680975e71f23de187859ee8b158 •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2026-43362 – smb: client: fix in-place encryption corruption in SMB2_write()
https://notcve.org/view.php?id=CVE-2026-43362
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2_write() SMB2_write() places write payload in iov[1..n] as part of rq_iov. smb3_init_transform_rq() pointer-shares rq_iov, so crypt_message() encrypts iov[1] in-place, replacing the original plaintext with ciphertext. On a replayable error, the retry sends the same iov[1] which now contains ciphertext instead of the original data, resulting in corruption. The corruption is most likely t... • https://git.kernel.org/stable/c/026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2026-43361 – btrfs: fix transaction abort when snapshotting received subvolumes
https://notcve.org/view.php?id=CVE-2026-43361
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort when snapshotting received subvolumes Currently a user can trigger a transaction abort by snapshotting a previously received snapshot a bunch of times until we reach a BTRFS_UUID_KEY_RECEIVED_SUBVOL item overflow (the maximum item size we can store in a leaf). This is very likely not common in practice, but if it happens, it turns the filesystem into RO mode. The snapshot, send and set_received_subvol and subvol... • https://git.kernel.org/stable/c/dd5f9615fc5c5e8d3751aab3a17b92768fb1ce70 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2026-43359 – btrfs: fix transaction abort on set received ioctl due to item overflow
https://notcve.org/view.php?id=CVE-2026-43359
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on set received ioctl due to item overflow If the set received ioctl fails due to an item overflow when attempting to add the BTRFS_UUID_KEY_RECEIVED_SUBVOL we have to abort the transaction since we did some metadata updates before. This means that if a user calls this ioctl with the same received UUID field for a lot of subvolumes, we will hit the overflow, trigger the transaction abort and turn the filesystem ... • https://git.kernel.org/stable/c/dd5f9615fc5c5e8d3751aab3a17b92768fb1ce70 • CWE-191: Integer Underflow (Wrap or Wraparound) •