Total CVEs

146,098

Critical Severity

4,294

High Severity

15,811

Last 7 Days

2,298
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 6,501 - 6,520 of 42,503 CVEs
CVE-2026-53253 HIGH - 7.1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: reject short frames before parsing A BNEP peer can send a short BNEP SDU. bnep_rx_frame() reads the packet type byte immediately and, for control packets, reads the control opcode and setup UUID-size byte before p...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix memory leak in error path of hci_alloc_dev() Early failures in Bluetooth HCI UART configuration leak SRCU percpu memory. When device initialization fails before hci_register_dev() completes, the HCI_UNREGISTER flag...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not releasing hdev reference on iso_conn_big_sync hci_get_route() returns a reference-counted hci_dev pointer via hci_dev_hold(). The function exits normally or with an error without ever releasing it.

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD
CVE-2026-53250 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: xsk: cache csum_start/csum_offset to fix TOCTOU in xsk_skb_metadata() The TX metadata area resides in the UMEM buffer which is memory-mapped and concurrently writable by userspace. In xsk_skb_metadata(), csum_start and csum_offset...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options This patch restricts setting Loose Source and Record Route (LSRR) and Strict Source and Record Route (SSRR) IP options to users with CAP_NET_RAW capability. This prevents unprivile...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD
CVE-2026-53248 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix use-after-free in metadata dst teardown airoha_metadata_dst_free() runs metadata_dst_free() which frees the metadata_dst with kfree() immediately, bypassing the RCU grace period. In the RX path, skb_dst_set_noref(...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD
CVE-2026-53247 CRITICAL - 9.8

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: Fix use-after-free in metadata dst teardown mtk_free_dev() calls metadata_dst_free() which frees the metadata_dst with kfree() immediately, bypassing the RCU grace period. In the RX path, skb_dst_set_no...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD
CVE-2026-53246 CRITICAL - 9.8

In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT chunk length in COOKIE_ECHO processing When a listening SCTP server processes a COOKIE_ECHO chunk, the cached peer INIT chunk embedded after the cookie is parsed and its parameters are later walked ...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: net/802/mrp: fix vector attribute parsing in mrp_pdu_parse_vecattr In mrp_pdu_parse_vecattr(), vector attribute events are encoded three per byte and valen tracks the number of events left to process. The parser decrements valen ...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD
CVE-2026-53244 HIGH - 7.5

In the Linux kernel, the following vulnerability has been resolved: VFS: fix possible failure to unlock in nfsd4_create_file() atomic_create() in fs/namei.c drops the reference to the dentry when it returns an error. This behaviour was imported into dentry_create() so that it will drop the referen...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: rseq: Fix using an uninitialized stack variable in rseq_exit_user_update() There is an bug in which an uninitialized stack variable is used in rseq_exit_user_update() as reported by syzbot: BUG: KMSAN: kernel-infoleak in rseq_set...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD
CVE-2026-53242 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() on linked streams snd_pcm_drain() uses init_waitqueue_entry which does not clear entry.prev/next, and add_wait_queue with a conditional remove_wait_queue that is skipped...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: dummy: fix UMP event stack overread The dummy sequencer port forwards events by copying an incoming struct snd_seq_event into a stack temporary, rewriting source and destination, and dispatching the temporary to subscri...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD
CVE-2026-53240 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix use-after-free on first_skb in __input_process_payload __input_process_payload() stores first_skb into xtfs->ra_newskb under drop_lock when starting partial reassembly, then unlocks and breaks out of the proces...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD
CVE-2026-53239 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix use-after-free on inexact bin in xfrm_policy_bysel_ctx() Fix the race by pruning the bin while still holding xfrm_policy_lock, before dropping it. Use __xfrm_policy_inexact_prune_bin() directly since the lock is ...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: netlabel: validate unlabeled address and mask attribute lengths netlbl_unlabel_addrinfo_get() used the address attribute length to determine whether the attribute data could be read as an IPv4 or IPv6 address, but did not independ...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: gpio: mvebu: fix NULL pointer dereference in suspend/resume mvebu_pwm_suspend() and mvebu_pwm_resume() are called for all GPIO banks during suspend/resume, but not all banks have PWM functionality. GPIO banks without PWM have mvch...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SO_ATTACH_FILTER to priv users This patch restricts the use of SO_ATTACH_FILTER (cBPF) on TCP sockets to users with CAP_NET_ADMIN capability. This blocks potential side-channel attack where an unprivileged applicati...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD
CVE-2026-53235 HIGH - 7.5

In the Linux kernel, the following vulnerability has been resolved: net: add pskb_may_pull() to skb_gro_receive_list() skb_gro_receive_list() calls skb_pull(skb, skb_gro_offset(skb)) without first ensuring the data is in the linear area via pskb_may_pull(). When the skb arrives via napi_gro_frags(...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: net: ibm: emac: Fix use-after-free during device removal The driver was using devm_register_netdev() which causes unregister_netdev() to be deferred until the devres cleanup phase, which runs after emac_remove() returns. This crea...

Vendor: Linux
Product: Linux
Published: Jun 25, 2026
Source: NVD