0.0
CVE-2026-43348 - mshv_vtl: Fix vmemmap_shift exceeding MAX_FOLIO_ORDER
In the Linux kernel, the following vulnerability has been resolved: mshv_vtl: Fix vmemmap_shift exceeding MAX_FOLIO_ORDER When registering VTL0 memory via MSHV_ADD_VTL0_MEMORY, the kernel computes pgmap->vmemmap_shift as the number of trailing zeros in the OR of start_pfn and last_pfn, intending β¦
0.0
CVE-2026-43347 - arm64: dts: qcom: monaco: Reserve full Gunyah metadata region
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: monaco: Reserve full Gunyah metadata region We observe spurious "Synchronous External Abort" exceptions (ESR=0x96000010) and kernel crashes on Monaco-based platforms. These faults are caused by the kernel inadveβ¦
0.0
CVE-2026-43346 - ice: ptp: don't WARN when controlling PF is unavailable
In the Linux kernel, the following vulnerability has been resolved: ice: ptp: don't WARN when controlling PF is unavailable In VFIO passthrough setups, it is possible to pass through only a PF which doesn't own the source timer. In that case the PTP controlling PF (adapter->ctrl_pf) is never initβ¦
0.0
CVE-2026-43345 - net: ipa: fix event ring index not programmed for IPA v5.0+
In the Linux kernel, the following vulnerability has been resolved: net: ipa: fix event ring index not programmed for IPA v5.0+ For IPA v5.0+, the event ring index field moved from CH_C_CNTXT_0 to CH_C_CNTXT_1. The v5.0 register definition intended to define this field in the CH_C_CNTXT_1 fmask aβ¦
0.0
CVE-2026-43344 - perf/x86/intel/uncore: Fix die ID init and look up bugs
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix die ID init and look up bugs In snbep_pci2phy_map_init(), in the nr_node_ids > 8 path, uncore_device_to_die() may return -1 when all CPUs associated with the UBOX device are offline. Remove the WARN_ONβ¦
8.7
CVE-2026-44340 - PraisonAI: Symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`
PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the _safe_extractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member's name for absolute paths, .. segments, and resolved-path escape β but does not validate member.linβ¦
7.5
CVE-2026-39816 - Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService
The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy Scriβ¦
0.0
CVE-2026-43343 - usb: gadget: f_subset: Fix unbalanced refcnt in geth_free
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_subset: Fix unbalanced refcnt in geth_free geth_alloc() increments the reference count, but geth_free() fails to decrement it. This prevents the configuration of attributes via configfs after unlinking the functionβ¦
0.0
CVE-2026-43342 - usb: gadget: f_rndis: Protect RNDIS options with mutex
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Protect RNDIS options with mutex The class/subclass/protocol options are suspectible to race conditions as they can be accessed concurrently through configfs. Use existing mutex to protect these options. Thβ¦
0.0
CVE-2026-43341 - net/ipv6: ioam6: prevent schema length wraparound in trace fill
In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6_fill_trace_data() stores the schema contribution to the trace length in a u8. With bit 22 enabled and the largest schema payload, sclen becomes 1 + 1020 / 4, wβ¦