Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,881
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 14,381 - 14,400 of 38,432 CVEs
CVE-2026-43337 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference in dcn401_init_hw() dcn401_init_hw() assumes that update_bw_bounding_box() is valid when entering the update path. However, the existing condition: ((!fams2_enable && update...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43336 HIGH - 7.5

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permuted_state before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permuted_state' is sufficient to compute the original 'state', and thus the key,...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43335 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icc_link_nodes() The change to dynamic IDs for SM8450 platform interconnects left two links unconverted, fix it to avoid the NULL pointer dereference in runtime, when a p...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43334 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response smp_cmd_pairing_req() currently builds the pairing response from the initiator auth_req before enforcing the local BT_SECURITY_HIGH requirement...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43333 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: bpf: reject direct access to nullable PTR_TO_BUF pointers check_mem_access() matches PTR_TO_BUF via base_type() which strips PTR_MAYBE_NULL, allowing direct dereference without a null check. Map iterator ctx->key and ctx->v...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43332 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix thermal zone device registration error path If thermal_zone_device_register_with_trips() fails after registering a thermal zone device, it needs to wait for the tz->removal completion like thermal_zone_device...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Disable KCOV instrumentation after load_segments() The load_segments() function changes segment registers, invalidating GS base (which KCOV relies on for per-cpu data). When CONFIG_KCOV is enabled, any subsequent instru...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43330 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix overflow on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key. The memory allocated for the copy needs to be rounded to DMA cache alignment, as otherwi...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43329 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IPv6 is: * ethernet mangling (4 payload actions, 2 for each ethernet address) * SNAT (4 payload action...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path When kobject_init_and_add() fails, cpufreq_dbs_governor_init() calls kobject_put(&dbs_data->attr_set.kobj). The kobject release callback cpufreq_...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43327 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix locking/synchronization error Syzbot testing was able to provoke an addressing exception and crash in the usb_gadget_udc_reset() routine in drivers/usb/gadgets/udc/core.c, resulting from the fact that the routi...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43326 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix SCX_KICK_WAIT deadlock by deferring wait to balance callback SCX_KICK_WAIT busy-waits in kick_cpus_irq_workfn() using smp_cond_load_acquire() until the target CPU's kick_sync advances. Because the irq_work runs...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43325 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't send a 6E related command when not supported MCC_ALLOWED_AP_TYPE_CMD is related to 6E support. Do not send it if the device doesn't support 6E. Apparently, the firmware is mistakenly advertising...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43324 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix interrupt synchronization error This fixes an error in synchronization in the dummy-hcd driver. The error has a somewhat involved history. The synchronization mechanism was introduced by commit 7dbd8f4cabd9 (...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43323 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zero_vruntime tracking fix John reported that stress-ng-yield could make his machine unhappy and managed to bisect it to commit b3d99f43c72b ("sched/fair: Fix zero_vruntime tracking"). The combination of...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43322 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in le_read_features_complete This fixes the following backtrace caused by hci_conn being freed before le_read_features_complete but after hci_le_read_remote_features_sync so hci_conn_del -> hci_cmd_...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43321 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a `gotox rX` instruction the rX register should be marked as used in the compute_insn_live_regs() function. Fix this.

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43320 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dsc eDP issue [why] Need to add function hook check before use

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43319 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: spi: spidev: fix lock inversion between spi_lock and buf_lock The spidev driver previously used two mutexes, spi_lock and buf_lock, but acquired them in different orders depending on the code path: write()/read(): buf_lock ->...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43318 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify Invalidating a dmabuf will impact other users of the shared BO. In the scenario where process A moves the BO, it needs to inform process B about the move and process B wi...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD