0.0
CVE-2026-43009 - bpf: Fix incorrect pruning due to atomic fetch precision tracking
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix incorrect pruning due to atomic fetch precision tracking When backtrack_insn encounters a BPF_STX instruction with BPF_ATOMIC and BPF_FETCH, the src register (or r0 for BPF_CMPXCHG) also acts as a destination, thus receiβ¦
0.0
CVE-2026-43008 - gpio: qixis-fpga: Fix error handling for devm_regmap_init_mmio()
In the Linux kernel, the following vulnerability has been resolved: gpio: qixis-fpga: Fix error handling for devm_regmap_init_mmio() devm_regmap_init_mmio() returns an ERR_PTR() on failure, not NULL. The original code checked for NULL which would never trigger on error, potentially leading to an β¦
0.0
CVE-2026-43007 - accel/qaic: Handle DBC deactivation if the owner went away
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Handle DBC deactivation if the owner went away When a DBC is released, the device sends a QAIC_TRANS_DEACTIVATE_FROM_DEV transaction to the host over the QAIC_CONTROL MHI channel. QAIC handles this by calling decode_dβ¦
0.0
CVE-2026-43006 - io_uring/rsrc: reject zero-length fixed buffer import
In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: reject zero-length fixed buffer import validate_fixed_range() admits buf_addr at the exact end of the registered region when len is zero, because the check uses strict greater-than (buf_end > imu->ubuf + imu->len).β¦
0.0
CVE-2026-43005 - hwmon: (tps53679) Fix array access with zero-length block read
In the Linux kernel, the following vulnerability has been resolved: hwmon: (tps53679) Fix array access with zero-length block read i2c_smbus_read_block_data() can return 0, indicating a zero-length read. When this happens, tps53679_identify_chip() accesses buf[ret - 1] which is buf[-1], reading oβ¦
0.0
CVE-2026-43004 - spi: stm32-ospi: Fix resource leak in remove() callback
In the Linux kernel, the following vulnerability has been resolved: spi: stm32-ospi: Fix resource leak in remove() callback The remove() callback returned early if pm_runtime_resume_and_get() failed, skipping the cleanup of spi controller and other resources. Remove the early return so cleanup cβ¦
0.0
CVE-2026-31785 - drm/xe/xe_pagefault: Disallow writes to read-only VMAs
In the Linux kernel, the following vulnerability has been resolved: drm/xe/xe_pagefault: Disallow writes to read-only VMAs The page fault handler should reject write/atomic access to read only VMAs. Add code to handle this in xe_pagefault_service after the VMA lookup. v2: - Apply max line lengtβ¦
0.0
CVE-2026-31784 - drm/xe/pxp: Clear restart flag in pxp_start after jumping back
In the Linux kernel, the following vulnerability has been resolved: drm/xe/pxp: Clear restart flag in pxp_start after jumping back If we don't clear the flag we'll keep jumping back at the beginning of the function once we reach the end. (cherry picked from commit 0850ec7bb2459602351639dccf7a68aβ¦
0.0
CVE-2026-31783 - spi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove() callback
In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove() callback aml_sfc_probe() registers the on-host NAND ECC engine, but teardown was missing from both probe unwind and remove-time cleanup. Add a devm cleanβ¦
0.0
CVE-2026-31782 - perf/x86: Fix potential bad container_of in intel_pmu_hw_config
In the Linux kernel, the following vulnerability has been resolved: perf/x86: Fix potential bad container_of in intel_pmu_hw_config Auto counter reload may have a group of events with software events present within it. The software event PMU isn't the x86_hybrid_pmu and a container_of operation iβ¦