CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2026-43288 – ext4: move ext4_percpu_param_init() before ext4_mb_init()
https://notcve.org/view.php?id=CVE-2026-43288
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: ext4: move ext4_percpu_param_init() before ext4_mb_init() When running `kvm-xfstests -c ext4/1k -C 1 generic/383` with the `DOUBLE_CHECK` macro defined, the following panic is triggered: ================================================================== EXT4-fs error (device vdc): ext4_validate_block_bitmap:423: comm mount: bg 0: bad block bitmap checksum BUG: unable to handle page fault for address: ff110000fa2cc000 PGD 3e01067 P4D 3e02067... • https://git.kernel.org/stable/c/d5e03cbb0c88cd1be39f2adc37d602230045964b •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43287 – drm: Account property blob allocations to memcg
https://notcve.org/view.php?id=CVE-2026-43287
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: drm: Account property blob allocations to memcg DRM_IOCTL_MODE_CREATEPROPBLOB allows userspace to allocate arbitrary-sized property blobs backed by kernel memory. Currently, the blob data allocation is not accounted to the allocating process's memory cgroup, allowing unprivileged users to trigger unbounded kernel memory consumption and potentially cause system-wide OOM. Mark the property blob data allocation with GFP_KERNEL_ACCOUNT so that ... • https://git.kernel.org/stable/c/e2f5d2ea479b9b2619965d43db70939589afe43a •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2026-43284 – xfrm: esp: avoid in-place decrypt on shared skb frags
https://notcve.org/view.php?id=CVE-2026-43284
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packet data can first make a private copy. The IPv4/IPv6 datagram append paths did not set this flag when splicing pages into UDP skbs. That leaves an ESP-in-UDP packet made from shared pipe pages looking like an ordinar... • https://git.kernel.org/stable/c/cac2661c53f35cbe651bef9b07026a5a05ab8ce0 • CWE-123: Write-what-where Condition •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-71292 – jfs: nlink overflow in jfs_rename
https://notcve.org/view.php?id=CVE-2025-71292
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: jfs: nlink overflow in jfs_rename If nlink is maximal for a directory (-1) and inside that directory you perform a rename for some child directory (not moving from the parent), then the nlink of the first directory is first incremented and later decremented. Normally this is fine, but when nlink = -1 this causes a wrap around to 0, and then drop_nlink issues a warning. After applying the patch syzbot no longer issues any warnings. I also ra... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-71287 – memory: mtk-smi: fix device leak on larb probe
https://notcve.org/view.php?id=CVE-2025-71287
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: memory: mtk-smi: fix device leak on larb probe Make sure to drop the reference taken when looking up the SMI device during larb probe on late probe failure (e.g. probe deferral) and on driver unbind. • https://git.kernel.org/stable/c/cc8bbe1a83128ad06457e4dc69907c4f9a6fc1a7 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43283 – net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle
https://notcve.org/view.php?id=CVE-2026-43283
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle dma_free_coherent() in error path takes priv->rx_buf.alloc_len as the dma handle. This would lead to improper unmapping of the buffer. Change the dma handle to priv->rx_buf.alloc_phys. • https://git.kernel.org/stable/c/6af55ff52b02d492d45db88df3e461fa51a6f753 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2026-43281 – mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate()
https://notcve.org/view.php?id=CVE-2026-43281
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate() Although it is guided that `#mbox-cells` must be at least 1, there are many instances of `#mbox-cells = <0>;` in the device tree. If that is the case and the corresponding mailbox controller does not provide `fw_xlate` and of_xlate` function pointers, `fw_mbox_index_xlate()` will be used by default and out-of-bounds accesses could occur due to lack of bounds check in that functi... • https://git.kernel.org/stable/c/2b6d83e2b8b7de82331a6a1dcd64b51020a6031c • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2026-43279 – ALSA: usb-audio: Add sanity check for OOB writes at silencing
https://notcve.org/view.php?id=CVE-2026-43279
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Add sanity check for OOB writes at silencing At silencing the playback URB packets in the implicit fb mode before the actual playback, we blindly assume that the received packets fit with the buffer size. But when the setup in the capture stream differs from the playback stream (e.g. due to the USB core limitation of max packet size), such an inconsistency may lead to OOB writes to the buffer, resulting in a crash. For addr... • https://git.kernel.org/stable/c/c75a8a7ae565d7cd9baa87a504ba9162e355b4b0 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43277 – APEI/GHES: ensure that won't go past CPER allocated record
https://notcve.org/view.php?id=CVE-2026-43277
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ensure that won't go past CPER allocated record The logic at ghes_new() prevents allocating too large records, by checking if they're bigger than GHES_ESTATUS_MAX_SIZE (currently, 64KB). Yet, the allocation is done with the actual number of pages from the CPER bios table location, which can be smaller. Yet, a bad firmware could send data with a different size, which might be bigger than the allocated memory, causing an OOPS: Unab... • https://git.kernel.org/stable/c/d334a49113a4a33109fd24e46073280ecd1bea0d •
CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 0CVE-2026-43275 – scsi: ufs: core: Flush exception handling work when RPM level is zero
https://notcve.org/view.php?id=CVE-2026-43275
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly flushed during suspend when the runtime power management level is set to UFS_PM_LVL_0. When the RPM level is zero, the device power mode and link state both remain active. Previously, the UFS core driver bypassed flushing exception event handling jobs in this configuration. This created a race condition where the... • https://git.kernel.org/stable/c/57d104c153d3d6d7bea60089e80f37501851ed2c • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •