CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2026-31738 – vxlan: validate ND option lengths in vxlan_na_create
https://notcve.org/view.php?id=CVE-2026-31738
01 May 2026 — In the Linux kernel, the following vulnerability has been resolved: vxlan: validate ND option lengths in vxlan_na_create vxlan_na_create() walks ND options according to option-provided lengths. • https://git.kernel.org/stable/c/4b29dba9c085a4fb79058fb1c45a2f6257ca3dfa •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-31737 – net: ftgmac100: fix ring allocation unwind on open failure
https://notcve.org/view.php?id=CVE-2026-31737
01 May 2026 — In the Linux kernel, the following vulnerability has been resolved: net: ftgmac100: fix ring allocation unwind on open failure ftgmac100_alloc_rings() allocates rx_skbs, tx_skbs, rxdes, txdes, and rx_scratch in stages. • https://git.kernel.org/stable/c/d72e01a0430f8a1ae7adb3cbf0b2e73fcd99252e •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-31736 – net: ethernet: mtk_ppe: avoid NULL deref when gmac0 is disabled
https://notcve.org/view.php?id=CVE-2026-31736
01 May 2026 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_ppe: avoid NULL deref when gmac0 is disabled If the gmac0 is disabled, the precheck for a valid ingress device will cause a NULL pointer deref and crash the system. • https://git.kernel.org/stable/c/73cfd947dbdb25ef9863ac49c4596a7d53ad4025 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2026-31735 – iommupt: Fix short gather if the unmap goes into a large mapping
https://notcve.org/view.php?id=CVE-2026-31735
01 May 2026 — In the Linux kernel, the following vulnerability has been resolved: iommupt: Fix short gather if the unmap goes into a large mapping unmap has the odd behavior that it can unmap more than requested if the ending point lands within the middle of a large or contiguous IOPTE. • https://git.kernel.org/stable/c/7c53f4238aa8bfb476e177263133ead2eeb8d55d •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-31734 – sched_ext: Fix is_bpf_migration_disabled() false negative on non-PREEMPT_RCU
https://notcve.org/view.php?id=CVE-2026-31734
01 May 2026 — In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix is_bpf_migration_disabled() false negative on non-PREEMPT_RCU Since commit 8e4f0b1ebcf2 ("bpf: use rcu_read_lock_dont_migrate() for trampoline.c"), the BPF prolog (__bpf_prog_enter) calls migrate_disable() only when CONFIG_PREEMPT_RCU is enabled, via rcu_read_lock_dont_migrate(). • https://git.kernel.org/stable/c/8e4f0b1ebcf2180ab594f204f01279a666dadf3b •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2026-31733 – sched_ext: Fix stale direct dispatch state in ddsp_dsq_id
https://notcve.org/view.php?id=CVE-2026-31733
01 May 2026 — In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix stale direct dispatch state in ddsp_dsq_id @p->scx.ddsp_dsq_id can be left set (non-SCX_DSQ_INVALID) triggering a spurious warning in mark_direct_dispatch() when the next wakeup's ops.select_cpu() calls scx_bpf_dsq_insert(), such as: WARNING: kernel/sched/ext.c:1273 at scx_dsq_insert_commit+0xcd/0x140 The root cause is that ddsp_dsq_id was only cleared in dispatch_enqueue(), which is not reached in all paths that consu... • https://git.kernel.org/stable/c/5b26f7b920f76b2b9cc398c252a9e35e44bf5bb9 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-31732 – gpio: Fix resource leaks on errors in gpiochip_add_data_with_key()
https://notcve.org/view.php?id=CVE-2026-31732
01 May 2026 — In the Linux kernel, the following vulnerability has been resolved: gpio: Fix resource leaks on errors in gpiochip_add_data_with_key() Since commit aab5c6f20023 ("gpio: set device type for GPIO chips"), `gdev->dev.release` is unset. • https://git.kernel.org/stable/c/aab5c6f200238ac45001bec3d5494fff8438a8dc • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2026-31731 – thermal: core: Address thermal zone removal races with resume
https://notcve.org/view.php?id=CVE-2026-31731
01 May 2026 — In the Linux kernel, the following vulnerability has been resolved: thermal: core: Address thermal zone removal races with resume Since thermal_zone_pm_complete() and thermal_zone_device_resume() re-initialize the poll_queue delayed work for the given thermal zone, the cancel_delayed_work_sync() in thermal_zone_device_unregister() may miss some already running work items and the thermal zone may be freed prematurely [1]. • https://git.kernel.org/stable/c/5a5efdaffda5d23717d9117cf36cda9eafcf2fae • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2026-31730 – misc: fastrpc: possible double-free of cctx->remote_heap
https://notcve.org/view.php?id=CVE-2026-31730
01 May 2026 — In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: possible double-free of cctx->remote_heap fastrpc_init_create_static_process() may free cctx->remote_heap on the err_map path but does not clear the pointer. • https://git.kernel.org/stable/c/0871561055e666da421d779397efcc1e5e964cab • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2026-31729 – usb: typec: ucsi: validate connector number in ucsi_notify_common()
https://notcve.org/view.php?id=CVE-2026-31729
01 May 2026 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: validate connector number in ucsi_notify_common() The connector number extracted from CCI via UCSI_CCI_CONNECTOR() is a 7-bit field (0-127) that is used to index into the connector array in ucsi_connector_change(). • https://git.kernel.org/stable/c/bdc62f2bae8fb0e8e99574de5232f0a3c54a27df • CWE-129: Improper Validation of Array Index •