Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,712
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 16,061 - 16,080 of 38,432 CVEs
CVE-2026-31766 HIGH - 7.1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate doorbell_offset in user queue creation amdgpu_userq_get_doorbell_index() passes the user-provided doorbell_offset to amdgpu_doorbell_index_on_bar() without bounds checking. An arbitrarily large doorbell_offset...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Change AMDGPU_VA_RESERVED_TRAP_SIZE to 64KB Currently, AMDGPU_VA_RESERVED_TRAP_SIZE is hardcoded to 8KB, while KFD_CWSR_TBA_TMA_SIZE is defined as 2 * PAGE_SIZE. On systems with 4K pages, both values match (8KB), so al...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31764 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: Set buffer sampling frequency for accelerometer only The st_lsm6dsx_hwfifo_odr_store() function, which is called when userspace writes the buffer sampling frequency sysfs attribute, calls st_lsm6dsx_check_odr...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31763 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050: Fix incorrect free_irq() variable The handler for the IRQ part of this driver is mpu3050->trig but, in the teardown free_irq() is called with handler mpu3050. Use correct IRQ handler when calling free_irq()...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31762 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050: Fix irq resource leak The interrupt handler is setup but only a few lines down if iio_trigger_register() fails the function returns without properly releasing the handler. Add cleanup goto to resolve resource ...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31761 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050: Move iio_device_register() to correct location iio_device_register() should be at the end of the probe function to prevent race conditions. Place iio_device_register() at the end of the probe function and plac...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31760 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: gpib: lpvo_usb: fix memory leak on disconnect The driver iterates over the registered USB interfaces during GPIB attach and takes a reference to their USB devices until a match is found. These references are never released which l...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31759 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: fix double free in ulpi_register_interface() error path When device_register() fails, ulpi_register() calls put_device() on ulpi->dev. The device release callback ulpi_dev_release() drops the OF node reference and f...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31758 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Flush anchored URBs in usbtmc_release When calling usbtmc_release, pending anchored URBs must be flushed or killed to prevent use-after-free errors (e.g. in the HCD giveback path). Call usbtmc_draw_down() to allow anc...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31757 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: usb: misc: usbio: Fix URB memory leak on submit failure When usb_submit_urb() fails in usbio_probe(), the previously allocated URB is never freed, causing a memory leak. Fix this by jumping to err_free_urb label to properly relea...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31756 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() dwc2_gadget_exit_clock_gating() internally calls call_gadget() macro, which expects hsotg->lock to be held since it does spin_unlock/spin_lock around the...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31755 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix NULL pointer dereference in ep_queue When the gadget endpoint is disabled or not yet configured, the ep->desc pointer can be NULL. This leads to a NULL pointer dereference when __cdns3_gadget_ep_queue() ...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31754 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix state inconsistency on gadget init failure When cdns3_gadget_start() fails, the DRD hardware is left in gadget mode while software state remains INACTIVE, creating hardware/software state inconsistency. Wh...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31753 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: auxdisplay: line-display: fix NULL dereference in linedisp_release linedisp_release() currently retrieves the enclosing struct linedisp via to_linedisp(). That lookup depends on the attachment list, but the attachment may already ...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31752 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: bridge: br_nd_send: validate ND option lengths br_nd_send() walks ND options according to option-provided lengths. A malformed option can make the parser advance beyond the computed option span or use a too-short source LLADDR opt...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31751 MEDIUM - 4.7

In the Linux kernel, the following vulnerability has been resolved: comedi: dt2815: add hardware detection to prevent crash The dt2815 driver crashes when attached to I/O ports without actual hardware present. This occurs because syzkaller or users can attach the driver to arbitrary I/O addresses ...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31750 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: comedi: runflags cannot determine whether to reclaim chanlist syzbot reported a memory leak [1], because commit 4e1da516debb ("comedi: Add reference counting for Comedi command handling") did not consider the exceptional...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31749 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: comedi: ni_atmio16d: Fix invalid clean-up after failed attach If the driver's COMEDI "attach" handler function (`atmio16d_attach()`) returns an error, the COMEDI core will call the driver's "detach" h...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31748 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: comedi: me_daq: Fix potential overrun of firmware buffer `me2600_xilinx_download()` loads the firmware that was requested by `request_firmware()`. It is possible for it to overrun the source buffer because it blindly trusts the f...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31747 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: comedi: me4000: Fix potential overrun of firmware buffer `me4000_xilinx_download()` loads the firmware that was requested by `request_firmware()`. It is possible for it to overrun the source buffer because it blindly trusts the f...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD