CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2026-43379 – ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close()
https://notcve.org/view.php?id=CVE-2026-43379
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close() opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is being accessed after rcu_read_unlock() has been called. This creates a race condition where the memory could be freed by a concurrent writer between the unlock and the subsequent pointer dereferences (opinfo->is_lease, etc.), leading to a use-after-free. • https://git.kernel.org/stable/c/27b40b7bfcd121fe13a150ffe11957630cf49246 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-43378 – smb: server: fix use-after-free in smb2_open()
https://notcve.org/view.php?id=CVE-2026-43378
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: smb: server: fix use-after-free in smb2_open() The opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is dereferenced after rcu_read_unlock(), creating a use-after-free window. • https://git.kernel.org/stable/c/e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2026-43377 – ksmbd: Don't log keys in SMB3 signing and encryption key generation
https://notcve.org/view.php?id=CVE-2026-43377
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBD_DEBUG_AUTH logging is enabled, generate_smb3signingkey() and generate_smb3encryptionkey() log the session, signing, encryption, and decryption key bytes. Remove the logs to avoid exposing credentials. • https://git.kernel.org/stable/c/e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2026-43376 – ksmbd: fix use-after-free by using call_rcu() for oplock_info
https://notcve.org/view.php?id=CVE-2026-43376
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free by using call_rcu() for oplock_info ksmbd currently frees oplock_info immediately using kfree(), even though it is accessed under RCU read-side critical sections in places like opinfo_get() and proc_show_files(). Since there is no RCU grace period delay between nullifying the pointer and freeing the memory, a reader can still access oplock_info structure after it has been freed. This can leads to a use-after-free e... • https://git.kernel.org/stable/c/296cb5457cc6f4a754c4ae29855f8a253d52bcc6 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43374 – net: nexthop: fix percpu use-after-free in remove_nh_grp_entry
https://notcve.org/view.php?id=CVE-2026-43374
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix percpu use-after-free in remove_nh_grp_entry When removing a nexthop from a group, remove_nh_grp_entry() publishes the new group via rcu_assign_pointer() then immediately frees the removed entry's percpu stats with free_percpu(). However, the synchronize_net() grace period in the caller remove_nexthop_from_groups() runs after the free. RCU readers that entered before the publish still see the old group and can dereference ... • https://git.kernel.org/stable/c/f4676ea74b8549cd88dbfe2a592ce4530039e61f • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43373 – net: ncsi: fix skb leak in error paths
https://notcve.org/view.php?id=CVE-2026-43373
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: net: ncsi: fix skb leak in error paths Early return paths in NCSI RX and AEN handlers fail to release the received skb, resulting in a memory leak. Specifically, ncsi_aen_handler() returns on invalid AEN packets without consuming the skb. Similarly, ncsi_rcv_rsp() exits early when failing to resolve the NCSI device, response handler, or request, leaving the skb unfreed. • https://git.kernel.org/stable/c/138635cc27c9737f940c3aa80912ff7a61c825af • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2026-43372 – net: dsa: microchip: Fix error path in PTP IRQ setup
https://notcve.org/view.php?id=CVE-2026-43372
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Fix error path in PTP IRQ setup If request_threaded_irq() fails during the PTP message IRQ setup, the newly created IRQ mapping is never disposed. Indeed, the ksz_ptp_irq_setup()'s error path only frees the mappings that were successfully set up. Dispose the newly created mapping if the associated request_threaded_irq() fails at setup. • https://git.kernel.org/stable/c/3b5a6115d6ea45df1ea65dc9b832b23db5d593ba •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2026-43371 – net: macb: Shuffle the tx ring before enabling tx
https://notcve.org/view.php?id=CVE-2026-43371
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the rootfs may take an extended time to recover after a suspend. Upon investigation, it was determined that the issue originates from a problem in the macb driver. According to the Zynq UltraScale TRM [1], when transmit is disabled, the transmit buffer queue pointer resets to point to the address specified by the transmi... • https://git.kernel.org/stable/c/d89b8b17057e16fad4564c71160e68ca549c1b42 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43370 – drm/amdgpu: Fix use-after-free race in VM acquire
https://notcve.org/view.php?id=CVE-2026-43370
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free race in VM acquire Replace non-atomic vm->process_info assignment with cmpxchg() to prevent race when parent/child processes sharing a drm_file both try to acquire the same VM after fork(). (cherry picked from commit c7c573275ec20db05be769288a3e3bb2250ec618) • https://git.kernel.org/stable/c/ede0dd86f45adf2b7083bb161f6bc81da5fe2bad • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2026-43368 – drm/i915: Fix potential overflow of shmem scatterlist length
https://notcve.org/view.php?id=CVE-2026-43368
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential overflow of shmem scatterlist length When a scatterlists table of a GEM shmem object of size 4 GB or more is populated with pages allocated from a folio, unsigned int .length attribute of a scatterlist may get overflowed if total byte length of pages allocated to that single scatterlist happens to reach or cross the 4GB limit. As a consequence, users of the object may suffer from hitting unexpected, premature end of ... • https://git.kernel.org/stable/c/0b62af28f249b9c4036a05acfb053058dc02e2e2 •