CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2026-46333 – ptrace: slightly saner 'get_dumpable()' logic
https://notcve.org/view.php?id=CVE-2026-46333
15 May 2026 — In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an associated mm. And almost all users do in fact use it only for the case where the task has a mm pointer. But we have one odd special case: ptrace_may_access() uses 'dumpable' to check various other things entirely ind... • https://git.kernel.org/stable/c/93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43490 – ksmbd: validate inherited ACE SID length
https://notcve.org/view.php?id=CVE-2026-43490
15 May 2026 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smb_inherit_dacl() walks the parent directory DACL loaded from the security descriptor xattr. It verifies that each ACE contains the fixed SID header before using it, but does not verify that the variable-length SID described by sid.num_subauth is fully contained in the ACE. A malformed inheritable ACE can advertise more subauthorities than are present in the ACE. compare_sids() may then read past th... • https://git.kernel.org/stable/c/e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2026-43488 – usb: xhci: Prevent interrupt storm on host controller error (HCE)
https://notcve.org/view.php?id=CVE-2026-43488
13 May 2026 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Prevent interrupt storm on host controller error (HCE) The xHCI controller reports a Host Controller Error (HCE) in UAS Storage Device plug/unplug scenarios on Android devices. HCE is checked in xhci_irq() function and causes an interrupt storm (since the interrupt isn’t cleared), leading to severe system-level faults. When the xHC controller reports HCE in the interrupt handler, the driver only logs a warning and assumes xHC act... • https://git.kernel.org/stable/c/2a25e66d676dfb9b018abd503deed3d38a892dec •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43487 – ata: libata-core: Disable LPM on ST1000DM010-2EP102
https://notcve.org/view.php?id=CVE-2026-43487
13 May 2026 — In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disable LPM on ST1000DM010-2EP102 According to a user report, the ST1000DM010-2EP102 has problems with LPM, causing random system freezes. The drive belongs to the same BarraCuda family as the ST2000DM008-2FR102 which has the same issue. • https://git.kernel.org/stable/c/7627a0edef548c4c4dea62df51cc26bfe5bbcab8 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43486 – arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults
https://notcve.org/view.php?id=CVE-2026-43486
13 May 2026 — In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults contpte_ptep_set_access_flags() compared the gathered ptep_get() value against the requested entry to detect no-ops. ptep_get() ORs AF/dirty from all sub-PTEs in the CONT block, so a dirty sibling can make the target appear already-dirty. When the gathered value matches entry, the function returns 0 even though the target sub-PTE still has PTE_RDONLY set in hardware. For... • https://git.kernel.org/stable/c/4602e5757bcceb231c3a13c36c373ad4a750eddb •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2026-43485 – nouveau/gsp: drop WARN_ON in ACPI probes
https://notcve.org/view.php?id=CVE-2026-43485
13 May 2026 — In the Linux kernel, the following vulnerability has been resolved: nouveau/gsp: drop WARN_ON in ACPI probes These WARN_ONs seem to trigger a lot, and we don't seem to have a plan to fix them, so just drop them, as they are most likely harmless. • https://git.kernel.org/stable/c/176fdcbddfd288408ce8571c1760ad618d962096 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-43484 – mmc: core: Avoid bitfield RMW for claim/retune flags
https://notcve.org/view.php?id=CVE-2026-43484
13 May 2026 — In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unrelated RMW side effects in asynchronous contexts. The host->claimed bit shared a word with retune flags. Writes to claimed in __mmc_claim_host() or retune_now in mmc_mq_queue_rq() can overwrite other bits when concurrent updates happen in other contexts, triggering spurious WARN_ON(!host->claimed). Convert claimed,... • https://git.kernel.org/stable/c/6c0cedd1ef9527ef13e66875746570e76a3188a7 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-43483 – KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated
https://notcve.org/view.php?id=CVE-2026-43483
13 May 2026 — In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated Explicitly set/clear CR8 write interception when AVIC is (de)activated to fix a bug where KVM leaves the interception enabled after AVIC is activated. E.g. if KVM emulates INIT=>WFS while AVIC is deactivated, CR8 will remain intercepted in perpetuity. On its own, the dangling CR8 intercept is "just" a performance issue, but combined with the TPR sync bug fixed by commit d... • https://git.kernel.org/stable/c/3bbf3565f48ce3999b5a12cde946f81bd4475312 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2026-43480 – ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition
https://notcve.org/view.php?id=CVE-2026-43480
13 May 2026 — In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x_5682_init() function did not check the return value of clk_get(), which could lead to dereferencing error pointers in rt5682_clk_enable(). Fix this by: 1. Changing clk_get() to the device-managed devm_clk_get(). 2. Adding proper IS_ERR() checks for both clock acquisitions. • https://git.kernel.org/stable/c/6b8e4e7db3cd236a2cbb720360fb135087a2ac1d •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-43476 – iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas()
https://notcve.org/view.php?id=CVE-2026-43476
13 May 2026 — In the Linux kernel, the following vulnerability has been resolved: iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() sizeof(num) evaluates to sizeof(size_t) (8 bytes on 64-bit) instead of the intended __be32 element size (4 bytes). Use sizeof(*meas) to correctly match the buffer element type. • https://git.kernel.org/stable/c/8f3f130852785dac0759843835ca97c3bacc2b10 •