CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43246 – media: i2c/tw9906: Fix potential memory leak in tw9906_probe()
https://notcve.org/view.php?id=CVE-2026-43246
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: media: i2c/tw9906: Fix potential memory leak in tw9906_probe() In one of the error paths in tw9906_probe(), the memory allocated in v4l2_ctrl_handler_init() and v4l2_ctrl_new_std() is not freed. Fix that by calling v4l2_ctrl_handler_free() on the handler in that error path. • https://git.kernel.org/stable/c/a000e9a02b5885b1b69f691c80e346d102f94a88 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43236 – drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release
https://notcve.org/view.php?id=CVE-2026-43236
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release The atmel_hlcdc_plane_atomic_duplicate_state() callback was copying the atmel_hlcdc_plane state structure without properly duplicating the drm_plane_state. In particular, state->commit remained set to the old state commit, which can lead to a use-after-free in the next drm_atomic_commit() call. Fix this by calling __drm_atomic_helper_duplicate_plane_state(), which correctl... • https://git.kernel.org/stable/c/2389fc1305fc1e2cf8b310a75463fefd3058bf48 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-43234 – team: avoid NETDEV_CHANGEMTU event when unregistering slave
https://notcve.org/view.php?id=CVE-2026-43234
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: team: avoid NETDEV_CHANGEMTU event when unregistering slave syzbot is reporting unregister_netdevice: waiting for netdevsim0 to become free. Usage count = 3 ref_tracker: netdev@ffff88807dcf8618 has 1/2 users at __netdev_tracker_alloc include/linux/netdevice.h:4400 [inline] netdev_hold include/linux/netdevice.h:4429 [inline] inetdev_init+0x201/0x4e0 net/ipv4/devinet.c:286 inetdev_event+0x251/0x1610 net/ipv4/devinet.c:1600 notifier_call_chain... • https://git.kernel.org/stable/c/3d249d4ca7d0ed6629a135ea1ea21c72286c0d80 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43231 – media: radio-keene: fix memory leak in error path
https://notcve.org/view.php?id=CVE-2026-43231
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: media: radio-keene: fix memory leak in error path Fix a memory leak in usb_keene_probe(). The v4l2 control handler is initialized and controls are added, but if v4l2_device_register() or video_register_device() fails afterward, the handler was never freed, leaking memory. Add v4l2_ctrl_handler_free() call in the err_v4l2 error path to ensure the control handler is properly freed for all error paths after it is initialized. • https://git.kernel.org/stable/c/1bf20c3a0c616f44359c573b533d06bae960ee45 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43230 – net/rds: Clear reconnect pending bit
https://notcve.org/view.php?id=CVE-2026-43230
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: net/rds: Clear reconnect pending bit When canceling the reconnect worker, care must be taken to reset the reconnect-pending bit. If the reconnect worker has not yet been scheduled before it is canceled, the reconnect-pending bit will stay on forever. • https://git.kernel.org/stable/c/00e0f34c616603ba6500f41943cbf89eb4a8a5be •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43227 – clocksource/drivers/sh_tmu: Always leave device running after probe
https://notcve.org/view.php?id=CVE-2026-43227
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/sh_tmu: Always leave device running after probe The TMU device can be used as both a clocksource and a clockevent provider. The driver tries to be smart and power itself on and off, as well as enabling and disabling its clock when it's not in operation. This behavior is slightly altered if the TMU is used as an early platform device in which case the device is left powered on after probe, but the clock is still enabled a... • https://git.kernel.org/stable/c/9570ef20423b549757aa484ad388f9a7d5bdc4d9 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43223 – media: pvrusb2: fix URB leak in pvr2_send_request_ex
https://notcve.org/view.php?id=CVE-2026-43223
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix URB leak in pvr2_send_request_ex When pvr2_send_request_ex() submits a write URB successfully but fails to submit the read URB (e.g. returns -ENOMEM), it returns immediately without waiting for the write URB to complete. Since the driver reuses the same URB structure, a subsequent call to pvr2_send_request_ex() attempts to submit the still-active write URB, triggering a 'URB submitted while active' warning in usb_submit_... • https://git.kernel.org/stable/c/d855497edbfbf9e19a17f4a1154bca69cb4bd9ba • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43218 – media: i2c/tw9903: Fix potential memory leak in tw9903_probe()
https://notcve.org/view.php?id=CVE-2026-43218
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: media: i2c/tw9903: Fix potential memory leak in tw9903_probe() In one of the error paths in tw9903_probe(), the memory allocated in v4l2_ctrl_handler_init() and v4l2_ctrl_new_std() is not freed. Fix that by calling v4l2_ctrl_handler_free() on the handler in that error path. • https://git.kernel.org/stable/c/0890ec19c65def8c8e445931b026e0fa8d809a34 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-43216 – net: Drop the lock in skb_may_tx_timestamp()
https://notcve.org/view.php?id=CVE-2026-43216
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: net: Drop the lock in skb_may_tx_timestamp() skb_may_tx_timestamp() may acquire sock::sk_callback_lock. The lock must not be taken in IRQ context, only softirq is okay. A few drivers receive the timestamp via a dedicated interrupt and complete the TX timestamp from that handler. This will lead to a deadlock if the lock is already write-locked on the same CPU. Taking the lock can be avoided. • https://git.kernel.org/stable/c/b245be1f4db1a0394e4b6eb66059814b46670ac3 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43209 – minix: Add required sanity checking to minix_check_superblock()
https://notcve.org/view.php?id=CVE-2026-43209
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: minix: Add required sanity checking to minix_check_superblock() The fs/minix implementation of the minix filesystem does not currently support any other value for s_log_zone_size than 0. This is also the only value supported in util-linux; see mkfs.minix.c line 511. In addition, this patch adds some sanity checking for the other minix superblock fields, and moves the minix_blocks_needed() checks for the zmap and imap also to minix_check_sup... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •