CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43273 – ceph: supply snapshot context in ceph_zero_partial_object()
https://notcve.org/view.php?id=CVE-2026-43273
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: ceph: supply snapshot context in ceph_zero_partial_object() The ceph_zero_partial_object function was missing proper snapshot context for its OSD write operations, which could lead to data inconsistencies in snapshots. Reproducer: ../src/vstart.sh --new -x --localhost --bluestore ./bin/ceph auth caps client.fs_a mds 'allow rwps fsname=a' mon 'allow r fsname=a' osd 'allow rw tag cephfs data=a' mount -t ceph fs_a@.a=/ /mnt/mycephfs/ -o conf=.... • https://git.kernel.org/stable/c/ad7a60de882aca31afb58721db166f7e77afcd92 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2026-43271 – md-cluster: fix NULL pointer dereference in process_metadata_update
https://notcve.org/view.php?id=CVE-2026-43271
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in process_metadata_update The function process_metadata_update() blindly dereferences the 'thread' pointer (acquired via rcu_dereference_protected) within the wait_event() macro. While the code comment states "daemon thread must exist", there is a valid race condition window during the MD array startup sequence (md_run): 1. bitmap_load() is called, which invokes md_cluster_ops->join(). 2. join() sta... • https://git.kernel.org/stable/c/0ba959774e93911caff596de6391f085fb640ac4 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43270 – media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove()
https://notcve.org/view.php?id=CVE-2026-43270
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() In mtk_mdp_probe(), vpu_get_plat_device() increases the reference count of the returned platform device. Add platform_device_put() to prevent reference leak. • https://git.kernel.org/stable/c/c8eb2d7e8202fd9cb912f5d33cc34ede66dcb24a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43269 – drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback
https://notcve.org/view.php?id=CVE-2026-43269
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback After several commits, the slab memory increases. Some drm_crtc_commit objects are not freed. The atomic_destroy_state callback only put the framebuffer. Use the __drm_atomic_helper_plane_destroy_state() function to put all the objects that are no longer needed. It has been seen after hours of usage of a graphics application or using kmemleak: unreferenced object 0xc63a... • https://git.kernel.org/stable/c/2389fc1305fc1e2cf8b310a75463fefd3058bf48 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43268 – hfsplus: pretend special inodes as regular files
https://notcve.org/view.php?id=CVE-2026-43268
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: pretend special inodes as regular files Since commit af153bb63a33 ("vfs: catch invalid modes in may_open()") requires any inode be one of S_IFDIR/S_IFLNK/S_IFREG/S_IFCHR/S_IFBLK/ S_IFIFO/S_IFSOCK type, use S_IFREG for special inodes. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43266 – EFI/CPER: don't go past the ARM processor CPER record buffer
https://notcve.org/view.php?id=CVE-2026-43266
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: EFI/CPER: don't go past the ARM processor CPER record buffer There's a logic inside GHES/CPER to detect if the section_length is too small, but it doesn't detect if it is too big. Currently, if the firmware receives an ARM processor CPER record stating that a section length is big, kernel will blindly trust section_length, producing a very long dump. For instance, a 67 bytes record with ERR_INFO_NUM set 46198 and section length set to 85491... • https://git.kernel.org/stable/c/2f74f09bce4f8d0236f20174a6daae63e10fe733 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43264 – fbdev: of: display_timing: fix refcount leak in of_get_display_timings()
https://notcve.org/view.php?id=CVE-2026-43264
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: fbdev: of: display_timing: fix refcount leak in of_get_display_timings() of_parse_phandle() returns a device_node with refcount incremented, which is stored in 'entry' and then copied to 'native_mode'. When the error paths at lines 184 or 192 jump to 'entryfail', native_mode's refcount is not decremented, causing a refcount leak. Fix this by changing the goto target from 'entryfail' to 'timingfail', which properly calls of_node_put(native_m... • https://git.kernel.org/stable/c/cc3f414cf2e404130584b63d373161ba6fd24bc2 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-43262 – gfs2: fiemap page fault fix
https://notcve.org/view.php?id=CVE-2026-43262
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: gfs2: fiemap page fault fix In gfs2_fiemap(), we are calling iomap_fiemap() while holding the inode glock. This can lead to recursive glock taking if the fiemap buffer is memory mapped to the same inode and accessing it triggers a page fault. Fix by disabling page faults for iomap_fiemap() and faulting in the buffer by hand if necessary. Fixes xfstest generic/742. • https://git.kernel.org/stable/c/e9079cce201784632aed4b1a3121ee38c1ced0b6 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2026-43261 – arm64: Add support for TSV110 Spectre-BHB mitigation
https://notcve.org/view.php?id=CVE-2026-43261
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: arm64: Add support for TSV110 Spectre-BHB mitigation The TSV110 processor is vulnerable to the Spectre-BHB (Branch History Buffer) attack, which can be exploited to leak information through branch prediction side channels. This commit adds the MIDR of TSV110 to the list for software mitigation. • https://git.kernel.org/stable/c/e192c8baa69ac8a5585d61ac535aa1e5eb795e80 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43258 – alpha: fix user-space corruption during memory compaction
https://notcve.org/view.php?id=CVE-2026-43258
06 May 2026 — In the Linux kernel, the following vulnerability has been resolved: alpha: fix user-space corruption during memory compaction Alpha systems can suffer sporadic user-space crashes and heap corruption when memory compaction is enabled. Symptoms include SIGSEGV, glibc allocator failures (e.g. "unaligned tcache chunk"), and compiler internal errors. The failures disappear when compaction is disabled or when using global TLB invalidation. The root cause is insufficient TLB shootdown during page migration. Alpha ... • https://git.kernel.org/stable/c/a48d07afdf18212de22b959715b16793c5a6e57a • CWE-787: Out-of-bounds Write •