linux kernel

CVE-2026-43298, published to the NVD on May 8, 2026, documents a Linux kernel amdgpu driver flaw in which AMDGPU’s VCN 2.5 virtual-function teardown path tried to release a poison interrupt that the VF never enabled. That sounds almost comically narrow, but it is exactly the kind of kernel...

CVE-2026-43299 is a newly published Linux kernel Btrfs vulnerability, disclosed through kernel.org and surfaced in NVD and Microsoft’s Security Update Guide on May 8, 2026, involving a crash when Btrfs flips a filesystem read-only during pending read-repair work. The flaw is not a flashy...

CVE-2026-43456 is a Linux kernel bonding-driver vulnerability published by NVD on May 8, 2026 and modified on May 11, in which a local privileged user can trigger type confusion when a non-Ethernet device such as a GRE tunnel is enslaved to a bond. The bug is not a Windows vulnerability in the...

CVE-2026-43321 is a newly published Linux kernel vulnerability in the BPF verifier, disclosed through kernel.org and surfaced in Microsoft’s Security Update Guide on May 8, 2026, with a high CVSS 3.1 score of 7.8 and local, low-complexity exploitation characteristics. The bug is small in code...

On May 8, 2026, CVE-2026-43318 was published for a Linux kernel amdgpu driver bug in amdgpu_dma_buf_move_notify, where incorrect synchronization during DMA-BUF buffer movement could make an AMD GPU update page tables too early and trigger a likely GPU page fault. The vulnerability is not a...

CVE-2026-43009 is a Linux kernel eBPF verifier flaw disclosed by kernel.org on May 1, 2026, affecting versions from 5.12 through before 6.19.12 and scored 7.8 High because a local privileged user could potentially compromise confidentiality, integrity, and availability. The short version is that...

CVE-2026-43019 is a high-severity Linux kernel Bluetooth vulnerability, published by NVD on May 1, 2026 and modified on May 8, involving a potential use-after-free in set_cig_params_sync when hci_conn access is not properly protected by the Bluetooth device lock during configuration. It is not a...

CVE-2026-31725, published May 1, 2026 and modified by NVD on May 7, tracks a Linux kernel USB gadget ECM flaw in which a network device can outlive its gadget parent, leaving broken sysfs topology and creating a local denial-of-service risk. The short answer to the CPE question is yes: the...

CVE-2026-43053 is a Linux kernel XFS filesystem vulnerability published on May 1, 2026, and later analyzed by NIST on May 7, involving a crash-recovery flaw during extended-attribute tree cleanup that can leave XFS metadata unreplayable after a local, privileged failure sequence. The bug is not...

CVE-2026-43308 is a newly published Linux kernel vulnerability, recorded by NVD on May 8, 2026, covering a Btrfs fix that replaces a kernel-crashing BUG() in run_one_delayed_ref() with ordinary error handling and logging when an unexpected delayed-reference type appears. That sounds almost...

CVE-2026-43398 is a newly published Linux kernel vulnerability, disclosed by kernel.org and listed by NVD on May 8, 2026, involving the AMDGPU driver’s user queue wait ioctl path, where oversized user-supplied values could trigger out-of-memory conditions. The fix is not glamorous: it adds an...

CVE-2026-43400 is a newly published Linux kernel vulnerability, disclosed on May 8, 2026, in AMD’s open-source amdgpu driver, where oversized user input to the amdgpu_userq_signal_ioctl path can trigger out-of-memory conditions and potentially be abused for denial-of-service attacks. The fix is...

CVE-2026-43292 is a Linux kernel availability vulnerability published by NVD on May 8, 2026, after a kernel.org fix for RCU stalls in kasan_release_vmalloc_node, where vmalloc cleanup could monopolize CPU time when CONFIG_PAGE_OWNER and KASAN shadow-page freeing collided. The bug is not a...

CVE-2026-43319 was published on May 8, 2026, for a Linux kernel spidev deadlock in which competing read()/write() and ioctl() paths could acquire spi_lock and buf_lock in opposite orders, allowing a userspace program to hang SPI device access. The bug is not a flashy remote-code-execution story...

CVE-2026-43306 is a newly published Linux kernel vulnerability recorded by NVD on May 8, 2026, covering a BPF crypto bug where a destructor kfunc used the wrong function type under Control Flow Integrity enforcement. It is not the kind of headline-grabbing remote code execution flaw that sends...

CVE-2026-43300 is a newly published Linux kernel vulnerability, disclosed through kernel.org and surfaced by Microsoft’s Security Update Guide on May 8, 2026, involving a possible NULL-pointer dereference in the DRM panel driver function jdi_panel_dsi_remove(). It is not the kind of bug that...

CVE-2026-31771 is a high-severity Linux kernel Bluetooth flaw disclosed on May 1, 2026, in which malformed short HCI event frames could reach wake-reason address handling before per-event payload-length validation occurred. The bug is not a Windows vulnerability in the narrow sense, but it...

CVE-2026-31724 is a medium-severity Linux kernel flaw published on May 1, 2026, affecting the USB gadget Ethernet Emulation Model function, where a network device can outlive its parent gadget device and leave broken sysfs links after unbind and rebind cycles. The bug is not a remote Windows...

CVE-2026-31723 is a medium-severity Linux kernel flaw published on May 1, 2026, involving the USB gadget f_subset driver, where a network device can outlive its sysfs parent during bind and unbind cycles and leave broken kernel device links behind. It is not the kind of bug that should send...

CVE-2026-43267 is a newly published Linux kernel vulnerability, disclosed on May 6, 2026, in the Realtek rtw89 Wi-Fi driver, where a zero beacon interval discovered during fuzz testing could trigger a division-by-zero fault in beacon tracking code. The fix is almost comically small: if the...