CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2026-43401 – cpufreq: intel_pstate: Fix NULL pointer dereference in update_cpu_qos_request()
https://notcve.org/view.php?id=CVE-2026-43401
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix NULL pointer dereference in update_cpu_qos_request() The update_cpu_qos_request() function attempts to initialize the 'freq' variable by dereferencing 'cpudata' before verifying if the 'policy' is valid. This issue occurs on systems booted with the "nosmt" parameter, where all_cpu_data[cpu] is NULL for the SMT sibling threads. As a result, any call to update_qos_requests() will result in a NULL pointer dereference... • https://git.kernel.org/stable/c/ae1bdd23b99f64335c69d546bff99ca39b894c18 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2026-43400 – drm/amdgpu: add upper bound check on user inputs in signal ioctl
https://notcve.org/view.php?id=CVE-2026-43400
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in signal ioctl Huge input values in amdgpu_userq_signal_ioctl can lead to a OOM and could be exploited. So check these input value against AMDGPU_USERQ_MAX_HANDLES which is big enough value for genuine use cases and could potentially avoid OOM. (cherry picked from commit be267e15f99bc97cbe202cd556717797cdcf79a5) • https://git.kernel.org/stable/c/a292fdecd72834b3bec380baa5db1e69e7f70679 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2026-43399 – drm/amdgpu/userq: Fix reference leak in amdgpu_userq_wait_ioctl
https://notcve.org/view.php?id=CVE-2026-43399
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix reference leak in amdgpu_userq_wait_ioctl Drop reference to syncobj and timeline fence when aborting the ioctl due output array being too small. (cherry picked from commit 68951e9c3e6bb22396bc42ef2359751c8315dd27) • https://git.kernel.org/stable/c/a292fdecd72834b3bec380baa5db1e69e7f70679 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2026-43398 – drm/amdgpu: add upper bound check on user inputs in wait ioctl
https://notcve.org/view.php?id=CVE-2026-43398
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in wait ioctl Huge input values in amdgpu_userq_wait_ioctl can lead to a OOM and could be exploited. So check these input value against AMDGPU_USERQ_MAX_HANDLES which is big enough value for genuine use cases and could potentially avoid OOM. v2: squash in Srini's fix (cherry picked from commit fcec012c664247531aed3e662f4280ff804d1476) • https://git.kernel.org/stable/c/a292fdecd72834b3bec380baa5db1e69e7f70679 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2026-43397 – drm/bridge: samsung-dsim: Fix memory leak in error path
https://notcve.org/view.php?id=CVE-2026-43397
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/bridge: samsung-dsim: Fix memory leak in error path In samsung_dsim_host_attach(), drm_bridge_add() is called to add the bridge. However, if samsung_dsim_register_te_irq() or pdata->host_ops->attach() fails afterwards, the function returns without removing the bridge, causing a memory leak. Fix this by adding proper error handling with goto labels to ensure drm_bridge_remove() is called in all error paths. Also ensure that samsung_dsim_... • https://git.kernel.org/stable/c/e7447128ca4a250374d6721ee98e3e3cf99551a6 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2026-43396 – drm/xe/sync: Fix user fence leak on alloc failure
https://notcve.org/view.php?id=CVE-2026-43396
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Fix user fence leak on alloc failure When dma_fence_chain_alloc() fails, properly release the user fence reference to prevent a memory leak. (cherry picked from commit a5d5634cde48a9fcd68c8504aa07f89f175074a0) • https://git.kernel.org/stable/c/0995c2fc39b0f998d40f5d276f67ae22fc1c37c3 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43395 – drm/xe/sync: Cleanup partially initialized sync on parse failure
https://notcve.org/view.php?id=CVE-2026-43395
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup partially initialized sync on parse failure xe_sync_entry_parse() can allocate references (syncobj, fence, chain fence, or user fence) before hitting a later failure path. Several of those paths returned directly, leaving partially initialized state and leaking refs. Route these error paths through a common free_sync label and call xe_sync_entry_cleanup(sync) before returning the error. (cherry picked from commit f939bd... • https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43394 – nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit().
https://notcve.org/view.php?id=CVE-2026-43394
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit(). nfsd_nl_listener_set_doit() uses get_current_cred() without put_cred(). As we can see from other callers, svc_xprt_create_from_sa() does not require the extra refcount. nfsd_nl_listener_set_doit() is always in the process context, sendmsg(), and current->cred does not go away. Let's use current_cred() in nfsd_nl_listener_set_doit(). • https://git.kernel.org/stable/c/16a471177496c8e04a9793812c187a2c1a2192fa •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43393 – btrfs: fix chunk map leak in btrfs_map_block() after btrfs_chunk_map_num_copies()
https://notcve.org/view.php?id=CVE-2026-43393
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix chunk map leak in btrfs_map_block() after btrfs_chunk_map_num_copies() Fix a chunk map leak in btrfs_map_block(): if we return early with -EINVAL, we're not freeing the chunk map that we've just looked up. • https://git.kernel.org/stable/c/0ae653fbec2b9fbc72c65a0c99528990bfb2136d •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43392 – sched_ext: Fix starvation of scx_enable() under fair-class saturation
https://notcve.org/view.php?id=CVE-2026-43392
08 May 2026 — In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix starvation of scx_enable() under fair-class saturation During scx_enable(), the READY -> ENABLED task switching loop changes the calling thread's sched_class from fair to ext. Since fair has higher priority than ext, saturating fair-class workloads can indefinitely starve the enable thread, hanging the system. This was introduced when the enable path switched from preempt_disable() to scx_bypass() which doesn't protect agains... • https://git.kernel.org/stable/c/8c2090c504e998c8f34ec870bae71dafcc96a6e0 •