CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43419 – ceph: fix memory leaks in ceph_mdsc_build_path()
https://notcve.org/view.php?id=CVE-2026-43419
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leaks in ceph_mdsc_build_path() Add __putname() calls to error code paths that did not free the "path" pointer obtained by __getname(). If ownership of this pointer is not passed to the caller via path_info.path, the function must free it before returning. • https://git.kernel.org/stable/c/3fd945a79e147ee10f84213976889b29049c3519 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2026-43416 – powerpc, perf: Check that current->mm is alive before getting user callchain
https://notcve.org/view.php?id=CVE-2026-43416
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: powerpc, perf: Check that current->mm is alive before getting user callchain It may happen that mm is already released, which leads to kernel panic. This adds the NULL check for current->mm, similarly to commit 20afc60f892d ("x86, perf: Check that current->mm is alive before getting user callchain"). I was getting this panic when running a profiling BPF program (profile.py from bcc-tools): [26215.051935] Kernel attempted to read user page (... • https://git.kernel.org/stable/c/20002ded4d937ca87aca6253b874920a96a763c4 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2026-43415 – scsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend
https://notcve.org/view.php?id=CVE-2026-43415
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend In __ufshcd_wl_suspend(), cancel_delayed_work_sync() is called to cancel the UFS RTC work, but it is placed after ufshcd_vops_suspend(hba, pm_op, POST_CHANGE). This creates a race condition where ufshcd_rtc_work() can still be running while ufshcd_vops_suspend() is executing. When UFSHCD_CAP_CLK_GATING is not supported, the condition !hba->clk_gating.active_reqs is always t... • https://git.kernel.org/stable/c/06701a545e9a3c4e007cff6872a074bf97c40619 •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2026-43414 – scsi: qla2xxx: Completely fix fcport double free
https://notcve.org/view.php?id=CVE-2026-43414
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Completely fix fcport double free In qla24xx_els_dcmd_iocb() sp->free is set to qla2x00_els_dcmd_sp_free(). When an error happens, this function is called by qla2x00_sp_release(), when kref_put() releases the first and the last reference. qla2x00_els_dcmd_sp_free() frees fcport by calling qla2x00_free_fcport(). Doing it one more time after kref_put() is a bad idea. • https://git.kernel.org/stable/c/4895009c4bb72f71f2e682f1e7d2c2d96e482087 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2026-43413 – scsi: hisi_sas: Fix NULL pointer exception during user_scan()
https://notcve.org/view.php?id=CVE-2026-43413
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Fix NULL pointer exception during user_scan() user_scan() invokes updated sas_user_scan() for channel 0, and if successful, iteratively scans remaining channels (1 to shost->max_channel) via scsi_scan_host_selected() in commit 37c4e72b0651 ("scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans"). However, hisi_sas supports only one channel, and the current value of max_channel is 1. sas_user_scan() for channe... • https://git.kernel.org/stable/c/e21fe3a52692f554efd67957c772c702de627a3a •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-43412 – ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start
https://notcve.org/view.php?id=CVE-2026-43412
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start During ADSP stop and start, the kernel crashes due to the order in which ASoC components are removed. On ADSP stop, the q6apm-audio .remove callback unloads topology and removes PCM runtimes during ASoC teardown. This deletes the RTDs that contain the q6apm DAI components before their removal pass runs, leaving those components still linked to the card and causing crash... • https://git.kernel.org/stable/c/5477518b8a0e8a45239646acd80c9bafc4401522 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43411 – tipc: fix divide-by-zero in tipc_sk_filter_connect()
https://notcve.org/view.php?id=CVE-2026-43411
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: tipc: fix divide-by-zero in tipc_sk_filter_connect() A user can set conn_timeout to any value via setsockopt(TIPC_CONN_TIMEOUT), including values less than 4. When a SYN is rejected with TIPC_ERR_OVERLOAD and the retry path in tipc_sk_filter_connect() executes: delay %= (tsk->conn_timeout / 4); If conn_timeout is in the range [0, 3], the integer division yields 0, and the modulo operation triggers a divide-by-zero exception, causing a kerne... • https://git.kernel.org/stable/c/6787927475e52f6933e3affce365dabb2aa2fadf •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2026-43409 – kprobes: avoid crash when rmmod/insmod after ftrace killed
https://notcve.org/view.php?id=CVE-2026-43409
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: kprobes: avoid crash when rmmod/insmod after ftrace killed After we hit ftrace is killed by some errors, the kernel crash if we remove modules in which kprobe probes. BUG: unable to handle page fault for address: fffffbfff805000d PGD 817fcc067 P4D 817fcc067 PUD 817fc8067 PMD 101555067 PTE 0 Oops: Oops: 0000 [#1] SMP KASAN PTI CPU: 4 UID: 0 PID: 2012 Comm: rmmod Tainted: G W OE Tainted: [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE RIP: 0010... • https://git.kernel.org/stable/c/ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2026-43408 – ceph: add a bunch of missing ceph_path_info initializers
https://notcve.org/view.php?id=CVE-2026-43408
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing ceph_path_info initializers ceph_mdsc_build_path() must be called with a zero-initialized ceph_path_info parameter, or else the following ceph_mdsc_free_path_info() may crash. Example crash (on Linux 6.18.12): virt_to_cache: Object is not a Slab page! WARNING: CPU: 184 PID: 2871736 at mm/slub.c:6732 kmem_cache_free+0x316/0x400 [...] Call Trace: [...] ceph_open+0x13d/0x3e0 do_dentry_open+0x134/0x480 vfs_open+0x2a... • https://git.kernel.org/stable/c/db378e6f83ec705c6091c65d482d555edc2b0a72 •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43407 – libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply()
https://notcve.org/view.php?id=CVE-2026-43407
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() This patch fixes an out-of-bounds access in ceph_handle_auth_reply() that can be triggered by a message of type CEPH_MSG_AUTH_REPLY. In ceph_handle_auth_reply(), the value of the payload_len field of such a message is stored in a variable of type int. A value greater than INT_MAX leads to an integer overflow and is interpreted as a negative value. This leads to decremen... • https://git.kernel.org/stable/c/4e7a5dcd1bbab6560fbc8ada29a840e7a20ed7bc •