Total CVEs

145,982

Critical Severity

4,294

High Severity

15,805

Last 7 Days

2,235
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 6,421 - 6,440 of 42,387 CVEs
CVE-2026-53217 HIGH - 8.6

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: sync RX data at the hardware packet offset mvpp2 programs the RX queue packet offset, so hardware writes received data at dma_addr + MVPP2_SKB_HEADROOM. The current CPU sync starts at dma_addr and only covers rx_bytes ...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD
CVE-2026-53216 CRITICAL - 9.8

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: limit XDP frame size to the RX buffer mvpp2 has short and long BM pools, and short pool buffers can be smaller than PAGE_SIZE. The XDP path nevertheless initializes every xdp_buff with PAGE_SIZE as frame size. XDP hel...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD
CVE-2026-53215 CRITICAL - 9.8

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP or skb use The RX error path returns the current descriptor buffer to the hardware BM pool. That is only valid while the driver still owns the buffer. mvpp2_rx_refill() can fail after the ...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix a potential NPD in cleanup_prefix_route() addrconf_get_prefix_route() can return the fib6_null_entry sentinel entry which has a NULL fib6_table pointer. Therefore, before setting the route's expiration time, check t...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: fix krealloc() memory leak Don't just overwrite the original pointer passed to krealloc() with its return value without checking latter: MEM = krealloc(MEM, SZ, GFP); If krealloc() returns NULL, that erases the...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD
CVE-2026-53212 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tunnel: fix use-after-free on object destroy nft_tunnel_obj_destroy() calls metadata_dst_free() which directly kfree()s the metadata_dst, ignoring the dst_entry refcount. Packets that took a reference via dst_hold()...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_meta_bridge: fix stale stack leak via IIFHWADDR register NFT_META_BRI_IIFHWADDR declares its destination register with len = ETH_ALEN (6 bytes), which the register-init tracking rounds up to two 32-bit registers (8 ...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: tee: shm: fix shm leak in register_shm_helper() register_shm_helper() allocates shm before calling iov_iter_npages(). If iov_iter_npages() returns 0, the function jumps to err_ctx_put and leaks shm. This can be triggered by TEE_I...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD
CVE-2026-53209 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend Existing advertising instances can already hold the maximum extended advertising payload. When hci_adv_bcast_annoucement() prepends the Broadcast Announcement se...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig net/bluetooth/l2cap_core.c:l2cap_sig_channel() accepts BR/EDR signaling packets up to the channel MTU and dispatches each command without enforcing the signaling MTU (M...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix hugetlb_lock AA deadlock in get_huge_page_for_hwpoison Two concurrent madvise(MADV_HWPOISON) calls on the same hugetlb page can trigger a recursive spinlock self-deadlock (AA deadlock) on hugetlb_lock when r...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add bounds check for firmware runtime memory Validate that the firmware runtime memory specified in the image header is properly aligned and sized to hold the firmware image. This prevents errors during memory allocati...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD
CVE-2026-53205 HIGH - 7.1

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add bounds checks for firmware log indices Add validation that read and write indices in the firmware log buffer are within valid bounds (< data_size) before using them. If out-of-bounds indices are encountered (fro...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL deref on rsu_send_msg() timeout in probe rsu_send_msg() can return -ETIMEDOUT when wait_for_completion_interruptible_timeout() fires while the SMC call is still pending. In stratix10_rsu_probe(), ...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD
CVE-2026-53203 HIGH - 7.1

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS get_info_ioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD
CVE-2026-53202 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix signed integer truncation in IPC receive Fix potential buffer overflow where firmware-supplied data_size is cast to signed int before being used in min_t(). Large unsigned values (>= 0x80000000) become negative,...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD
CVE-2026-53201 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: Revert "drm/xe: Skip exec queue schedule toggle if queue is idle during suspend" This reverts commit 8533051ce92015e9cc6f75e0d52119b9d91610b6. The idle-skip optimization bypasses GuC suspend, so the GPU may not perform ...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD
CVE-2026-53200 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: nv: Fix handling of XN[0] when !FEAT_XNX XN has already been extracted from its bitfield position so using FIELD_PREP() on the mask that clears XN[0] is completely broken, having the effect of unconditionally granting ...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD
CVE-2026-53199 HIGH - 7.5

In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: use kmap_local_page in netvsc_copy_to_send_buf netvsc_copy_to_send_buf() copies page buffer entries into the VMBus send buffer using phys_to_virt() on the entry PFN. Entries for the RNDIS header and the skb linear data ...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD
CVE-2026-53198 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of a deferred file_lock on double SMB2_CANCEL A deferred byte-range lock (an SMB2_LOCK that blocks) registers an async work on conn->async_requests via setup_async_work(), with cancel_fn = smb2_remove_...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD