linux kernel

CVE-2026-43308 is a newly published Linux kernel vulnerability, recorded by NVD on May 8, 2026, covering a Btrfs fix that replaces a kernel-crashing BUG() in run_one_delayed_ref() with ordinary error handling and logging when an unexpected delayed-reference type appears. That sounds almost...

CVE-2026-43398 is a newly published Linux kernel vulnerability, disclosed by kernel.org and listed by NVD on May 8, 2026, involving the AMDGPU driver’s user queue wait ioctl path, where oversized user-supplied values could trigger out-of-memory conditions. The fix is not glamorous: it adds an...

CVE-2026-43400 is a newly published Linux kernel vulnerability, disclosed on May 8, 2026, in AMD’s open-source amdgpu driver, where oversized user input to the amdgpu_userq_signal_ioctl path can trigger out-of-memory conditions and potentially be abused for denial-of-service attacks. The fix is...

CVE-2026-43292 is a Linux kernel availability vulnerability published by NVD on May 8, 2026, after a kernel.org fix for RCU stalls in kasan_release_vmalloc_node, where vmalloc cleanup could monopolize CPU time when CONFIG_PAGE_OWNER and KASAN shadow-page freeing collided. The bug is not a...

CVE-2026-43319 was published on May 8, 2026, for a Linux kernel spidev deadlock in which competing read()/write() and ioctl() paths could acquire spi_lock and buf_lock in opposite orders, allowing a userspace program to hang SPI device access. The bug is not a flashy remote-code-execution story...

CVE-2026-43306 is a newly published Linux kernel vulnerability recorded by NVD on May 8, 2026, covering a BPF crypto bug where a destructor kfunc used the wrong function type under Control Flow Integrity enforcement. It is not the kind of headline-grabbing remote code execution flaw that sends...

CVE-2026-43300 is a newly published Linux kernel vulnerability, disclosed through kernel.org and surfaced by Microsoft’s Security Update Guide on May 8, 2026, involving a possible NULL-pointer dereference in the DRM panel driver function jdi_panel_dsi_remove(). It is not the kind of bug that...

CVE-2026-31771 is a high-severity Linux kernel Bluetooth flaw disclosed on May 1, 2026, in which malformed short HCI event frames could reach wake-reason address handling before per-event payload-length validation occurred. The bug is not a Windows vulnerability in the narrow sense, but it...

CVE-2026-31724 is a medium-severity Linux kernel flaw published on May 1, 2026, affecting the USB gadget Ethernet Emulation Model function, where a network device can outlive its parent gadget device and leave broken sysfs links after unbind and rebind cycles. The bug is not a remote Windows...

CVE-2026-31723 is a medium-severity Linux kernel flaw published on May 1, 2026, involving the USB gadget f_subset driver, where a network device can outlive its sysfs parent during bind and unbind cycles and leave broken kernel device links behind. It is not the kind of bug that should send...

CVE-2026-43267 is a newly published Linux kernel vulnerability, disclosed on May 6, 2026, in the Realtek rtw89 Wi-Fi driver, where a zero beacon interval discovered during fuzz testing could trigger a division-by-zero fault in beacon tracking code. The fix is almost comically small: if the...

On May 6, 2026, CVE-2026-43119 was published for a Linux kernel Bluetooth flaw in hci_sync, where unsynchronized reads and writes of hdev->req_status could create a data race across separate kernel workqueues. The fix is small, almost boring: annotate the shared status field with READ_ONCE() and...

CVE-2026-43216 is a Linux kernel networking vulnerability published by NVD on May 6, 2026, after kernel.org assigned a CVE to a fix that removes an unsafe lock acquisition from skb_may_tx_timestamp() in transmit timestamp handling. The bug is not the kind of headline-grabbing...

CVE-2026-43213 is a Linux kernel flaw disclosed by kernel.org and listed by Microsoft’s Security Update Guide on May 6, 2026, affecting the Realtek rtw89 PCI Wi-Fi driver when malformed TX release report sequence numbers trigger an out-of-bounds access and kernel crash. The bug is not the sort...

CVE-2026-43213 is a newly published Linux kernel vulnerability, disclosed by kernel.org and listed by Microsoft’s Security Update Guide on May 6, 2026, affecting the Realtek rtw89 PCI Wi-Fi driver when abnormal transmit-release sequence numbers trigger an out-of-bounds kernel access. The...

CVE-2026-43250 is a Linux kernel vulnerability published on May 6, 2026, affecting the ChipIdea USB Device Controller driver when a USB gadget device is disconnected and reconnected during an active multi-segment DMA transfer. The bug is not a headline-grabbing remote code execution flaw; it is...

CVE-2026-43243 is a newly published Linux kernel vulnerability, disclosed on May 6, 2026, in AMD’s display driver code, where a missing signal-type check in the DCN 4.0.1 display path can crash systems that mishandle DPIA display links. The bug is narrow, technical, and not yet scored by NVD...

CVE-2026-43172 is a newly published Linux kernel vulnerability disclosed on May 6, 2026, affecting Intel’s iwlwifi driver, where malformed firmware reporting for 22000-series wireless hardware could trigger an out-of-bounds array access during shared-memory parsing. The bug is narrow, technical...

CVE-2026-43176 is a newly published Linux kernel vulnerability, disclosed on May 6, 2026, in the Realtek rtw89 PCI Wi-Fi driver where malformed RTL8922DE transmit release-report data could trigger a crash before the driver validated it. The bug is not a flashy remote-code-execution headline, and...

CVE-2026-43191 is a newly published Linux kernel vulnerability from kernel.org, dated May 6, 2026, affecting AMD’s display driver path where DCN35 hardware can hang when TMDS output is disabled and a PHY PLL transition is not handled atomically. It is not a headline-grabbing...