linux kernel

CVE-2026-43496 is a newly published Linux kernel vulnerability, disclosed through kernel.org and added to NVD on May 21, 2026, that fixes a traffic-control crash in the RED queueing discipline when nested under schedulers such as TBF and paired with QFQ children. The bug is not a Windows...

CVE-2026-43501 is a newly published Linux kernel IPv6 vulnerability, disclosed through the kernel.org CVE process and added to NVD on May 21, 2026, involving an out-of-bounds write in the RPL Source Routing Header handling path. It is not a Windows bug, but it matters to WindowsForum readers...

CVE-2026-43502 is a newly published Linux kernel vulnerability, added to NVD on May 21, 2026, involving Reliable Datagram Sockets zerocopy send cleanup when pinned user pages are released before a message reaches the socket queue. The bug is not a Windows Remote Desktop Services issue, despite...

CVE-2026-43465 is a Linux kernel mlx5e network-driver flaw, published by NVD on May 8, 2026 and last modified on May 20, that affects Mellanox/NVIDIA mlx5 Ethernet receive paths when XDP multi-buffer programs reshape packet fragments under striding receive queues. The short version is less...

CVE-2026-43303 is a Linux kernel use-after-free vulnerability published by NVD on May 8, 2026, sourced from kernel.org, affecting kernel versions from 5.18 through pre-fixed stable releases and rated High by kernel.org under CVSS 3.1. The bug sits in the memory allocator, not in a flashy network...

CVE-2026-43491 is a newly published Linux kernel vulnerability, added to NVD on May 19, 2026, in the Qualcomm IPC Router name service code, where an unbounded stream of server registrations from a malicious client can exhaust kernel memory. The fix is not glamorous: cap registrations at 256 per...

On May 1, 2026, kernel.org published CVE-2026-31721, a medium-severity Linux kernel vulnerability in the USB gadget HID function where rebinding a gadget could corrupt kernel list state after an epoll-registered /dev/hidg0 file descriptor survived the unbind-and-bind cycle. The bug is not a...

CVE-2026-43298, published to the NVD on May 8, 2026, documents a Linux kernel amdgpu driver flaw in which AMDGPU’s VCN 2.5 virtual-function teardown path tried to release a poison interrupt that the VF never enabled. That sounds almost comically narrow, but it is exactly the kind of kernel...

CVE-2026-43299 is a newly published Linux kernel Btrfs vulnerability, disclosed through kernel.org and surfaced in NVD and Microsoft’s Security Update Guide on May 8, 2026, involving a crash when Btrfs flips a filesystem read-only during pending read-repair work. The flaw is not a flashy...

CVE-2026-43456 is a Linux kernel bonding-driver vulnerability published by NVD on May 8, 2026 and modified on May 11, in which a local privileged user can trigger type confusion when a non-Ethernet device such as a GRE tunnel is enslaved to a bond. The bug is not a Windows vulnerability in the...

CVE-2026-43321 is a newly published Linux kernel vulnerability in the BPF verifier, disclosed through kernel.org and surfaced in Microsoft’s Security Update Guide on May 8, 2026, with a high CVSS 3.1 score of 7.8 and local, low-complexity exploitation characteristics. The bug is small in code...

On May 8, 2026, CVE-2026-43318 was published for a Linux kernel amdgpu driver bug in amdgpu_dma_buf_move_notify, where incorrect synchronization during DMA-BUF buffer movement could make an AMD GPU update page tables too early and trigger a likely GPU page fault. The vulnerability is not a...

CVE-2026-43009 is a Linux kernel eBPF verifier flaw disclosed by kernel.org on May 1, 2026, affecting versions from 5.12 through before 6.19.12 and scored 7.8 High because a local privileged user could potentially compromise confidentiality, integrity, and availability. The short version is that...

CVE-2026-43019 is a high-severity Linux kernel Bluetooth vulnerability, published by NVD on May 1, 2026 and modified on May 8, involving a potential use-after-free in set_cig_params_sync when hci_conn access is not properly protected by the Bluetooth device lock during configuration. It is not a...

CVE-2026-31725, published May 1, 2026 and modified by NVD on May 7, tracks a Linux kernel USB gadget ECM flaw in which a network device can outlive its gadget parent, leaving broken sysfs topology and creating a local denial-of-service risk. The short answer to the CPE question is yes: the...

CVE-2026-43053 is a Linux kernel XFS filesystem vulnerability published on May 1, 2026, and later analyzed by NIST on May 7, involving a crash-recovery flaw during extended-attribute tree cleanup that can leave XFS metadata unreplayable after a local, privileged failure sequence. The bug is not...

CVE-2026-43308 is a newly published Linux kernel vulnerability, recorded by NVD on May 8, 2026, covering a Btrfs fix that replaces a kernel-crashing BUG() in run_one_delayed_ref() with ordinary error handling and logging when an unexpected delayed-reference type appears. That sounds almost...

CVE-2026-43398 is a newly published Linux kernel vulnerability, disclosed by kernel.org and listed by NVD on May 8, 2026, involving the AMDGPU driver’s user queue wait ioctl path, where oversized user-supplied values could trigger out-of-memory conditions. The fix is not glamorous: it adds an...

CVE-2026-43400 is a newly published Linux kernel vulnerability, disclosed on May 8, 2026, in AMD’s open-source amdgpu driver, where oversized user input to the amdgpu_userq_signal_ioctl path can trigger out-of-memory conditions and potentially be abused for denial-of-service attacks. The fix is...

CVE-2026-43292 is a Linux kernel availability vulnerability published by NVD on May 8, 2026, after a kernel.org fix for RCU stalls in kasan_release_vmalloc_node, where vmalloc cleanup could monopolize CPU time when CONFIG_PAGE_OWNER and KASAN shadow-page freeing collided. The bug is not a...