Total CVEs

143,232

Critical Severity

4,056

High Severity

14,610

Last 7 Days

1,242
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 16,401 - 16,420 of 39,637 CVEs
CVE-2026-43140 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: Do not crash on missing msc->input Fake USB devices can send their own report descriptors for which the input_mapping() hook does not get called. In this case, msc->input stays NULL, leading to a crash at a...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43139 HIGH - 8.6

In the Linux kernel, the following vulnerability has been resolved: xfrm6: fix uninitialized saddr in xfrm6_get_saddr() xfrm6_get_saddr() does not check the return value of ipv6_dev_get_saddr(). When ipv6_dev_get_saddr() fails to find a suitable source address (returns -EADDRNOTAVAIL), saddr->i...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43138 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: reset: gpio: suppress bind attributes in sysfs This is a special device that's created dynamically and is supposed to stay in memory forever. We also currently don't have a devlink between it and the actual reset consume...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43137 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix NULL pointer dereference If there's a mismatch between the DAI links in the machine driver and the topology, it is possible that the playback/capture widget is not set, especially in the case of loo...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43136 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() Do not crash when a report has no fields. Fake USB gadgets can send their own HID report descriptors and can define report structures without valid fields. This ca...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43135 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: media: cx23885: Add missing unmap in snd_cx23885_hw_params() In error path, add cx23885_alsa_dma_unmap() to release the resource acquired by cx23885_alsa_dma_map().

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43134 HIGH - 8.1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ This adds a check for encryption key size upon receiving L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which expects L2CAP_CR_LE_BAD_KEY_SIZE.

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43133 HIGH - 7.9

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation Commit cc3ed80ae69f ("KVM: nSVM: always use vmcb01 to for vmsave/vmload of guest state") made KVM always use vmcb01 for the fields controlled by VMSAVE/VMLOAD, but ...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43132 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: dm-verity: correctly handle dm_bufio_client_create() failure If either of the calls to dm_bufio_client_create() in verity_fec_ctr() fails, then dm_bufio_client_destroy() is later called with an ERR_PTR() argument. That causes a c...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43131 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix null pointer dereference issue If SMU is disabled, during RAS initialization, there will be null pointer dereference issue here.

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43130 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode Commit 4fc82cd907ac ("iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected") relies on pci_dev_is_disconnected...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43129 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: ima: verify the previous kernel's IMA buffer lies in addressable RAM Patch series "Address page fault in ima_restore_measurement_list()", v3. When the second-stage kernel is booted via kexec with a limiting command...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43128 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix double dma_buf_unpin in failure path In ib_umem_dmabuf_get_pinned_with_dma_device(), the call to ib_umem_dmabuf_map_pages() can fail. If this occurs, the dmabuf is immediately unpinned but the umem_dmabuf->pinned...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43127 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix circular locking dependency in run_unpack_ex Syzbot reported a circular locking dependency between wnd->rw_lock (sbi->used.bitmap) and ni->file.run_lock. The deadlock scenario: 1. ntfs_extend_mft() takes ni-&g...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43126 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: ALSA: mixer: oss: Add card disconnect checkpoints ALSA OSS mixer layer calls the kcontrol ops rather individually, and pending calls might be not always caught at disconnecting the device. For avoiding the potential UAF scenarios...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43125 CRITICAL - 9.8

In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlm_search_rsb_tree The len parameter in dlm_dump_rsb_name() is not validated and comes from network messages. When it exceeds DLM_RESNAME_MAXLEN, it can cause out-of-bounds write in dlm_search_rsb_tree(). ...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43124 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: pstore: ram_core: fix incorrect success return when vmap() fails In persistent_ram_vmap(), vmap() may return NULL on failure. If offset is non-zero, adding offset_in_page(start) causes the function to return a non-NULL pointer ev...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43123 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: fbcon: check return value of con2fb_acquire_newinfo() If fbcon_open() fails when called from con2fb_acquire_newinfo() then info->fbcon_par pointer remains NULL which is later dereferenced. Add check for return value of the fun...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43122 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Update cpuidle driver check in __acpi_processor_start() Commit 7a8c994cbb2d ("ACPI: processor: idle: Optimize ACPI idle driver registration") moved the ACPI idle driver registration to acpi_processor_dri...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43121 MEDIUM - 4.7

In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix user_ref race between scrub and refill paths The io_zcrx_put_niov_uref() function uses a non-atomic check-then-decrement pattern (atomic_read followed by separate atomic_dec) to manipulate user_refs. This is ser...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD