CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43387 – staging: rtl8723bs: properly validate the data in rtw_get_ie_ex()
https://notcve.org/view.php?id=CVE-2026-43387
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() Just like in commit 154828bf9559 ("staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser"), we don't trust the data in the frame so we should check the length better before acting on it • https://git.kernel.org/stable/c/554c0a3abf216c991c5ebddcdb2c08689ecd290b •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43386 – staging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie
https://notcve.org/view.php?id=CVE-2026-43386
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie The current code checks 'i + 5 < in_len' at the end of the if statement. However, it accesses 'in_ie[i + 5]' before that check, which can lead to an out-of-bounds read. Move the length check to the beginning of the conditional to ensure the index is within bounds before accessing the array. • https://git.kernel.org/stable/c/554c0a3abf216c991c5ebddcdb2c08689ecd290b •
CVSS: 9.4EPSS: 0%CPEs: 7EXPL: 0CVE-2026-43383 – net/tcp-md5: Fix MAC comparison to be constant-time
https://notcve.org/view.php?id=CVE-2026-43383
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this. • https://git.kernel.org/stable/c/cfb6eeb4c860592edd123fdea908d23c6ad1c7dc •
CVSS: -EPSS: 0%CPEs: 10EXPL: 0CVE-2026-43382 – batman-adv: Avoid double-rtnl_lock ELP metric worker
https://notcve.org/view.php?id=CVE-2026-43382
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid double-rtnl_lock ELP metric worker batadv_v_elp_get_throughput() might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via cancel_delayed_work_sync() in batadv_v_elp_iface_disable(). In this case, an rtnl_lock() would cause a deadlock. To avoid this, rtnl_trylock() was used in this function to skip the retrieval of the ethtool information in case the RTNL lock w... • https://git.kernel.org/stable/c/a0019971f340ae02ba54cf1861f72da7e03e6b66 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43381 – nouveau/dpcd: return EBUSY for aux xfer if the device is asleep
https://notcve.org/view.php?id=CVE-2026-43381
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: nouveau/dpcd: return EBUSY for aux xfer if the device is asleep If we have runtime suspended, and userspace wants to use /dev/drm_dp_* then just tell it the device is busy instead of crashing in the GSP code. WARNING: CPU: 2 PID: 565741 at drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/rpc.c:164 r535_gsp_msgq_wait+0x9a/0xb0 [nouveau] CPU: 2 UID: 0 PID: 565741 Comm: fwupd Not tainted 6.18.10-200.fc43.x86_64 #1 PREEMPT(lazy) Hardware name: L... • https://git.kernel.org/stable/c/8894f4919bc43f821775db2cfff4b917871b2102 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-43380 – hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read
https://notcve.org/view.php?id=CVE-2026-43380
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read The q54sj108a2_debugfs_read function suffers from a stack buffer overflow due to incorrect arguments passed to bin2hex(). The function currently passes 'data' as the destination and 'data_char' as the source. Because bin2hex() converts each input byte into two hex characters, a 32-byte block read results in 64 bytes of output. Since 'data' is only 34 bytes (I2C_SMBUS_BLOCK_MAX + 2... • https://git.kernel.org/stable/c/d014538aa38561cd24c5eb228223585f26c5ec71 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-43378 – smb: server: fix use-after-free in smb2_open()
https://notcve.org/view.php?id=CVE-2026-43378
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: smb: server: fix use-after-free in smb2_open() The opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is dereferenced after rcu_read_unlock(), creating a use-after-free window. • https://git.kernel.org/stable/c/e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2026-43377 – ksmbd: Don't log keys in SMB3 signing and encryption key generation
https://notcve.org/view.php?id=CVE-2026-43377
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBD_DEBUG_AUTH logging is enabled, generate_smb3signingkey() and generate_smb3encryptionkey() log the session, signing, encryption, and decryption key bytes. Remove the logs to avoid exposing credentials. • https://git.kernel.org/stable/c/e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43373 – net: ncsi: fix skb leak in error paths
https://notcve.org/view.php?id=CVE-2026-43373
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: net: ncsi: fix skb leak in error paths Early return paths in NCSI RX and AEN handlers fail to release the received skb, resulting in a memory leak. Specifically, ncsi_aen_handler() returns on invalid AEN packets without consuming the skb. Similarly, ncsi_rcv_rsp() exits early when failing to resolve the NCSI device, response handler, or request, leaving the skb unfreed. • https://git.kernel.org/stable/c/138635cc27c9737f940c3aa80912ff7a61c825af • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43370 – drm/amdgpu: Fix use-after-free race in VM acquire
https://notcve.org/view.php?id=CVE-2026-43370
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free race in VM acquire Replace non-atomic vm->process_info assignment with cmpxchg() to prevent race when parent/child processes sharing a drm_file both try to acquire the same VM after fork(). (cherry picked from commit c7c573275ec20db05be769288a3e3bb2250ec618) • https://git.kernel.org/stable/c/ede0dd86f45adf2b7083bb161f6bc81da5fe2bad • CWE-416: Use After Free •