CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2026-46333 – ptrace: slightly saner 'get_dumpable()' logic
https://notcve.org/view.php?id=CVE-2026-46333
15 May 2026 — In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an associated mm. And almost all users do in fact use it only for the case where the task has a mm pointer. But we have one odd special case: ptrace_may_access() uses 'dumpable' to check various other things entirely ind... • https://git.kernel.org/stable/c/93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43490 – ksmbd: validate inherited ACE SID length
https://notcve.org/view.php?id=CVE-2026-43490
15 May 2026 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smb_inherit_dacl() walks the parent directory DACL loaded from the security descriptor xattr. It verifies that each ACE contains the fixed SID header before using it, but does not verify that the variable-length SID described by sid.num_subauth is fully contained in the ACE. A malformed inheritable ACE can advertise more subauthorities than are present in the ACE. compare_sids() may then read past th... • https://git.kernel.org/stable/c/e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2026-43488 – usb: xhci: Prevent interrupt storm on host controller error (HCE)
https://notcve.org/view.php?id=CVE-2026-43488
13 May 2026 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Prevent interrupt storm on host controller error (HCE) The xHCI controller reports a Host Controller Error (HCE) in UAS Storage Device plug/unplug scenarios on Android devices. HCE is checked in xhci_irq() function and causes an interrupt storm (since the interrupt isn’t cleared), leading to severe system-level faults. When the xHC controller reports HCE in the interrupt handler, the driver only logs a warning and assumes xHC act... • https://git.kernel.org/stable/c/2a25e66d676dfb9b018abd503deed3d38a892dec •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43487 – ata: libata-core: Disable LPM on ST1000DM010-2EP102
https://notcve.org/view.php?id=CVE-2026-43487
13 May 2026 — In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disable LPM on ST1000DM010-2EP102 According to a user report, the ST1000DM010-2EP102 has problems with LPM, causing random system freezes. The drive belongs to the same BarraCuda family as the ST2000DM008-2FR102 which has the same issue. • https://git.kernel.org/stable/c/7627a0edef548c4c4dea62df51cc26bfe5bbcab8 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43486 – arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults
https://notcve.org/view.php?id=CVE-2026-43486
13 May 2026 — In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults contpte_ptep_set_access_flags() compared the gathered ptep_get() value against the requested entry to detect no-ops. ptep_get() ORs AF/dirty from all sub-PTEs in the CONT block, so a dirty sibling can make the target appear already-dirty. When the gathered value matches entry, the function returns 0 even though the target sub-PTE still has PTE_RDONLY set in hardware. For... • https://git.kernel.org/stable/c/4602e5757bcceb231c3a13c36c373ad4a750eddb •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2026-43485 – nouveau/gsp: drop WARN_ON in ACPI probes
https://notcve.org/view.php?id=CVE-2026-43485
13 May 2026 — In the Linux kernel, the following vulnerability has been resolved: nouveau/gsp: drop WARN_ON in ACPI probes These WARN_ONs seem to trigger a lot, and we don't seem to have a plan to fix them, so just drop them, as they are most likely harmless. • https://git.kernel.org/stable/c/176fdcbddfd288408ce8571c1760ad618d962096 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2026-43484 – mmc: core: Avoid bitfield RMW for claim/retune flags
https://notcve.org/view.php?id=CVE-2026-43484
13 May 2026 — In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unrelated RMW side effects in asynchronous contexts. The host->claimed bit shared a word with retune flags. Writes to claimed in __mmc_claim_host() or retune_now in mmc_mq_queue_rq() can overwrite other bits when concurrent updates happen in other contexts, triggering spurious WARN_ON(!host->claimed). Convert claimed,... • https://git.kernel.org/stable/c/6c0cedd1ef9527ef13e66875746570e76a3188a7 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2026-43483 – KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated
https://notcve.org/view.php?id=CVE-2026-43483
13 May 2026 — In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated Explicitly set/clear CR8 write interception when AVIC is (de)activated to fix a bug where KVM leaves the interception enabled after AVIC is activated. E.g. if KVM emulates INIT=>WFS while AVIC is deactivated, CR8 will remain intercepted in perpetuity. On its own, the dangling CR8 intercept is "just" a performance issue, but combined with the TPR sync bug fixed by commit d... • https://git.kernel.org/stable/c/3bbf3565f48ce3999b5a12cde946f81bd4475312 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2026-43482 – sched_ext: Disable preemption between scx_claim_exit() and kicking helper work
https://notcve.org/view.php?id=CVE-2026-43482
13 May 2026 — In the Linux kernel, the following vulnerability has been resolved: sched_ext: Disable preemption between scx_claim_exit() and kicking helper work scx_claim_exit() atomically sets exit_kind, which prevents scx_error() from triggering further error handling. After claiming exit, the caller must kick the helper kthread work which initiates bypass mode and teardown. If the calling task gets preempted between claiming exit and kicking the helper work, and the BPF scheduler fails to schedule it back (since error... • https://git.kernel.org/stable/c/f0e1a0643a59bf1f922fa209cec86a170b784f3f •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2026-43481 – net-shapers: don't free reply skb after genlmsg_reply()
https://notcve.org/view.php?id=CVE-2026-43481
13 May 2026 — In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsg_reply() genlmsg_reply() hands the reply skb to netlink, and netlink_unicast() consumes it on all return paths, whether the skb is queued successfully or freed on an error path. net_shaper_nl_get_doit() and net_shaper_nl_cap_get_doit() currently jump to free_msg after genlmsg_reply() fails and call nlmsg_free(msg), which can hit the same skb twice. Return the genlmsg_reply() error directly and ... • https://git.kernel.org/stable/c/4b623f9f0f59652ea71fcb27d60b4c3b65126dbb •