CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43317 – most: core: fix leak on early registration failure
https://notcve.org/view.php?id=CVE-2026-43317
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: most: core: fix leak on early registration failure A recent commit fixed a resource leak on early registration failures but for some reason left out the first error path which still leaks the resources associated with the interface. Fix up also the first error path so that the interface is always released on errors. • https://git.kernel.org/stable/c/723de0f9171eeb49a3ae98cae82ebbbb992b3a7c •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43316 – media: solo6x10: Check for out of bounds chip_id
https://notcve.org/view.php?id=CVE-2026-43316
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: media: solo6x10: Check for out of bounds chip_id Clang with CONFIG_UBSAN_SHIFT=y noticed a condition where a signed type (literal "1" is an "int") could end up being shifted beyond 32 bits, so instrumentation was added (and due to the double is_tw286x() call seen via inlining), Clang decides the second one must now be undefined behavior and elides the rest of the function[1]. This is a known problem with Clang (that is still being worked on... • https://git.kernel.org/stable/c/faa4fd2a09517b39cc1f5d622453f97a59acfdac •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43314 – dm: remove fake timeout to avoid leak request
https://notcve.org/view.php?id=CVE-2026-43314
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: dm: remove fake timeout to avoid leak request Since commit 15f73f5b3e59 ("blk-mq: move failure injection out of blk_mq_complete_request"), drivers are responsible for calling blk_should_fake_timeout() at appropriate code paths and opportunities. However, the dm driver does not implement its own timeout handler and relies on the timeout handling of its slave devices. If an io-timeout-fail error is injected to a dm device, the request will be... • https://git.kernel.org/stable/c/e6ee8c0b767540f59e20da3ced282601db8aa502 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-43313 – ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()
https://notcve.org/view.php?id=CVE-2026-43313
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() In acpi_processor_errata_piix4(), the pointer dev is first assigned an IDE device and then reassigned an ISA device: dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB, ...); dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB_0, ...); If the first lookup succeeds but the second fails, dev becomes NULL. This leads to a potential null-pointer dereference when... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2026-43309 – md raid: fix hang when stopping arrays with metadata through dm-raid
https://notcve.org/view.php?id=CVE-2026-43309
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: md raid: fix hang when stopping arrays with metadata through dm-raid When using device-mapper's dm-raid target, stopping a RAID array can cause the system to hang under specific conditions. This occurs when: - A dm-raid managed device tree is suspended from top to bottom (the top-level RAID device is suspended first, followed by its underlying metadata and data devices) - The top-level RAID device is then removed Removing the top-level devi... • https://git.kernel.org/stable/c/0dd84b319352bb8ba64752d4e45396d8b13e6018 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2026-43308 – btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()
https://notcve.org/view.php?id=CVE-2026-43308
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref() There is no need to BUG(), we can just return an error and log an error message. • https://git.kernel.org/stable/c/5d4f98a28c7d334091c1b7744f48a1acdd2a4ae0 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2026-43302 – drm/v3d: Set DMA segment size to avoid debug warnings
https://notcve.org/view.php?id=CVE-2026-43302
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings When using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the kernel occasionally reports a segment size mismatch. This is because 'max_seg_size' is not set. The kernel defaults to 64K. setting 'max_seg_size' to the maximum will prevent 'debug_dma_map_sg()' from complaining about the over-mapping of the V3D segment length. DMA-API: v3d 1002000000.v3d: mapping sg segment longer than dev... • https://git.kernel.org/stable/c/57692c94dcbe99a1e0444409a3da13fb3443562c • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2026-43299 – btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure()
https://notcve.org/view.php?id=CVE-2026-43299
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure() [BUG] There is a bug report that when btrfs hits ENOSPC error in a critical path, btrfs flips RO (this part is expected, although the ENOSPC bug still needs to be addressed). The problem is after the RO flip, if there is a read repair pending, we can hit the ASSERT() inside btrfs_repair_io_failure() like the following: BTRFS info (device vdc): relocating block grou... • https://git.kernel.org/stable/c/908960c6c0fb3b3ce3971dc0ca47b581d256b968 •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43296 – octeontx2-af: Workaround SQM/PSE stalls by disabling sticky
https://notcve.org/view.php?id=CVE-2026-43296
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Workaround SQM/PSE stalls by disabling sticky NIX SQ manager sticky mode is known to cause stalls when multiple SQs share an SMQ and transmit concurrently. Additionally, PSE may deadlock on transitions between sticky and non-sticky transmissions. There is also a credit drop issue observed when certain condition clocks are gated. work around these hardware errata by: - Disabling SQM sticky operation: - Clear TM6 (bit 15) - Clea... • https://git.kernel.org/stable/c/5d9b976d4480dc0dcfa3719b645636d2f0f9f156 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43295 – rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net()
https://notcve.org/view.php?id=CVE-2026-43295
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() When idtab allocation fails, net is not registered with rio_add_net() yet, so kfree(net) is sufficient to release the memory. Set mport->net to NULL to avoid dangling pointer. • https://git.kernel.org/stable/c/e6b585ca6e81badeb3d42db3cc408174f2826034 •