Total CVEs

139,456

Critical Severity

3,644

High Severity

13,084

Last 7 Days

1,238
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 1,401 - 1,420 of 2,903 CVEs
CVE-2025-71271 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: hfsplus: ensure sb->s_fs_info is always cleaned up When hfsplus was converted to the new mount api a bug was introduced by changing the allocation pattern of sb->s_fs_info. If setup_bdev_super() fails after a new superblock ...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43120 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix double free related to rereg_user_mr If IB_MR_REREG_TRANS is set during rereg_user_mr, the umem will be released and a new one will be allocated in irdma_rereg_mr_trans. If any step of irdma_rereg_mr_trans fails af...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43119 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: annotate data-races around hdev->req_status __hci_cmd_sync_sk() sets hdev->req_status under hdev->req_lock: hdev->req_status = HCI_REQ_PEND; However, several other functions read or write hde...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43118 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix zero size inode with non-zero size after log replay When logging that an inode exists, as part of logging a new name or logging new dir entries for a directory, we always set the generation of the logged inode item to 0...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43117 CRITICAL - 9.1

In the Linux kernel, the following vulnerability has been resolved: btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() If overlay is used on top of btrfs, dentry->d_sb translates to overlay's super block and fsid assignment will lead to a crash. Use file_ino...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43116 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not sufficient, the master conntrack object can just go away, making exp->master invalid. To access exp->master safely: -...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43115 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: srcu: Use irq_work to start GP in tiny SRCU Tiny SRCU's srcu_gp_start_if_needed() directly calls schedule_work(), which acquires the workqueue pool->lock. This causes a lockdep splat when call_srcu() is called with a sche...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43114 CRITICAL - 9.4

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry New test case fails unexpectedly when avx2 matching functions are used. The test first loads a ranomly generated pipapo set with 'ipv4 . port...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43113 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing tx_frames wl1251_tx_packet_cb() uses the firmware completion ID directly to index the fixed 16-entry wl->tx_frames[] array. The ID is a raw u8 from the completion block, and the...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43112 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath When cifs_sanitize_prepath is called with an empty string or a string containing only delimiters (e.g., "/"), the current logic attempts to check *(cursor2 -...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43111 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: HID: roccat: fix use-after-free in roccat_report_event roccat_report_event() iterates over the device->readers list without holding the readers_lock. This allows a concurrent roccat_release() to remove and free a reader while i...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43110 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events brcmf_fweh_handle_if_event() validates the firmware-provided interface index before it touches drvr->iflist[], but it still uses the raw bsscfgidx field as an array index wit...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43109 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: x86: shadow stacks: proper error handling for mmap lock κΉ€μ˜λ―Ό reports that shstk_pop_sigframe() doesn't check for errors from mmap_read_lock_killable(), which is a silly oversight, and also shows that we haven't marked tho...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43108 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pd-mapper: Fix element length in servreg_loc_pfr_req_ei It looks element length declared in servreg_loc_pfr_req_ei for reason not matching servreg_loc_pfr_req's reason field due which we could observe decoding erro...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43107 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: xfrm: account XFRMA_IF_ID in aevent size calculation xfrm_get_ae() allocates the reply skb with xfrm_aevent_msgsize(), then build_aevent() appends attributes including XFRMA_IF_ID when x->if_id is set. xfrm_aevent_msgsize() do...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43106 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix incorrect dentry refcount in cachefiles_cull() The patch mentioned below changed cachefiles_bury_object() to expect 2 references to the 'rep' dentry. Three of the callers were changed to use start_removi...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43105 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix memory leak of BO array in hang state The hang state's BO array is allocated separately with kzalloc() in vc4_save_hang_state() but never freed in vc4_free_hang_state(). Add the missing kfree() for the BO array b...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43104 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix a memory leak in hang state error path When vc4_save_hang_state() encounters an early return condition, it returns without freeing the previously allocated `kernel_state`, leaking memory. Add the missing kfree() call...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43103 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: net: lapbether: handle NETDEV_PRE_TYPE_CHANGE lapbeth_data_transmit() expects the underlying device type to be ARPHRD_ETHER. Returning NOTIFY_BAD from lapbeth_device_event() makes sure bonding driver can not break this expectatio...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43102 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix memory leak in airoha_qdma_rx_process() If an error occurs on the subsequents buffers belonging to the non-linear part of the skb (e.g. due to an error in the payload length reported by the NIC or if we consumed a...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD