CVE-2026-43441
- EPSS 0.48%
- Veröffentlicht 08.05.2026 14:22:09
- Zuletzt bearbeitet 21.05.2026 17:16:14
In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is never initialized because inet6_init() exits before ...
CVE-2026-43439
- EPSS 0.09%
- Veröffentlicht 08.05.2026 14:22:08
- Zuletzt bearbeitet 21.05.2026 17:26:45
In the Linux kernel, the following vulnerability has been resolved: cgroup: fix race between task migration and iteration When a task is migrated out of a css_set, cgroup_migrate_add_task() first moves it from cset->tasks to cset->mg_tasks via: ...
CVE-2026-43437
- EPSS 0.13%
- Veröffentlicht 08.05.2026 14:22:07
- Zuletzt bearbeitet 21.05.2026 17:41:41
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime (runtime = s->r...
CVE-2026-43436
- EPSS 0.12%
- Veröffentlicht 08.05.2026 14:22:06
- Zuletzt bearbeitet 21.05.2026 17:43:14
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces The Scarlett2 mixer quirk in USB-audio driver may hit a NULL dereference when a malformed USB descript...
CVE-2026-43432
- EPSS 0.12%
- Veröffentlicht 08.05.2026 14:22:03
- Zuletzt bearbeitet 20.05.2026 18:18:34
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix memory leak in xhci_disable_slot() xhci_alloc_command() allocates a command structure and, when the second argument is true, also allocates a completion structure. C...
CVE-2026-43430
- EPSS 0.09%
- Veröffentlicht 08.05.2026 14:22:02
- Zuletzt bearbeitet 20.05.2026 18:22:23
In the Linux kernel, the following vulnerability has been resolved: usb: yurex: fix race in probe The bbu member of the descriptor must be set to the value standing for uninitialized values before the URB whose completion handler sets bbu is submit...
CVE-2026-43428
- EPSS 0.12%
- Veröffentlicht 08.05.2026 14:22:01
- Zuletzt bearbeitet 20.05.2026 18:26:17
In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts The usb_control_msg(), usb_bulk_msg(), and usb_interrupt_msg() APIs in usbcore allow unlimited timeout durations. An...
CVE-2026-43429
- EPSS 0.12%
- Veröffentlicht 08.05.2026 14:22:01
- Zuletzt bearbeitet 20.05.2026 18:23:12
In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts The usbtmc driver accepts timeout values specified by the user in an ioctl command, and uses these timeouts fo...
CVE-2026-43427
- EPSS 0.13%
- Veröffentlicht 08.05.2026 14:22:00
- Zuletzt bearbeitet 20.05.2026 18:29:41
In the Linux kernel, the following vulnerability has been resolved: usb: class: cdc-wdm: fix reordering issue in read code path Quoting the bug report: Due to compiler optimization or CPU out-of-order execution, the desc->length update can be reor...
CVE-2026-43425
- EPSS 0.12%
- Veröffentlicht 08.05.2026 14:21:59
- Zuletzt bearbeitet 20.05.2026 18:35:46
In the Linux kernel, the following vulnerability has been resolved: usb: image: mdc800: kill download URB on timeout mdc800_device_read() submits download_urb and waits for completion. If the timeout fires and the device has not responded, the func...