Total CVEs

144,202

Critical Severity

4,148

High Severity

14,963

Last 7 Days

1,665
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 17,341 - 17,360 of 40,607 CVEs
CVE-2026-43170 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Move vbus draw to workqueue context Currently dwc3_gadget_vbus_draw() can be called from atomic context, which in turn invokes power-supply-core APIs. And some these PMIC APIs have operations that may sleep, lea...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43169 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: drm/buddy: Prevent BUG_ON by validating rounded allocation When DRM_BUDDY_CONTIGUOUS_ALLOCATION is set, the requested size is rounded up to the next power-of-two via roundup_pow_of_two(). Similarly, for non-contiguous allocations ...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43168 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix reflink preserve cleanup issue commit c06c303832ec ("ocfs2: fix xattr array entry __counted_by error") doesn't handle all cases and the cleanup job for preserved xattr entries still has bug: - the 'l...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43167 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: xfrm: always flush state and policy upon NETDEV_UNREGISTER event syzbot is reporting that "struct xfrm_state" refcount is leaking. unregister_netdevice: waiting for netdevsim0 to become free. Usage count = 2 ref_tra...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43166 HIGH - 7.1

In the Linux kernel, the following vulnerability has been resolved: erofs: fix interlaced plain identification for encoded extents Only plain data whose start position and on-disk physical length are both aligned to the block size should be classified as interlaced plain extents. Otherwise, it mus...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43165 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct7363) Fix a resource leak in nct7363_present_pwm_fanin When calling of_parse_phandle_with_args(), the caller is responsible to call of_node_put() to release the reference of device node. In nct7363_present_pwm_fanin, it...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43164 HIGH - 7.5

In the Linux kernel, the following vulnerability has been resolved: udplite: Fix null-ptr-deref in __udp_enqueue_schedule_skb(). syzbot reported null-ptr-deref of udp_sk(sk)->udp_prod_queue. [0] Since the cited commit, udp_lib_init_sock() can fail, as can udp_init_sock() and udpv6_init_sock()....

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43163 MEDIUM - 4.7

In the Linux kernel, the following vulnerability has been resolved: md/bitmap: fix GPF in write_page caused by resize race A General Protection Fault occurs in write_page() during array resize: RIP: 0010:write_page+0x22b/0x3c0 [md_mod] This is a use-after-free race between bitmap_daemon_work() an...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43162 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: media: tegra-video: Fix memory leak in __tegra_channel_try_format() The state object allocated by __v4l2_subdev_state_alloc() must be freed with __v4l2_subdev_state_free() when it is no longer needed. In __tegra_channel_try_forma...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43161 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode PCIe endpoints with ATS enabled and passed through to userspace (e.g., QEMU, DPDK) can hard-lock the host when their link drops, either by surpris...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43160 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: mfd: macsmc: Initialize mutex Initialize struct apple_smc's mutex in apple_smc_probe(). Using the mutex uninitialized surprisingly resulted only in occasional NULL pointer dereferences in apple_smc_read() calls from the probe...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43159 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix null dereference in find_network The variable pwlan has the possibility of being NULL when passed into rtw_free_network_nolock() which would later dereference the variable.

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43158 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: xfs: fix freemap adjustments when adding xattrs to leaf blocks xfs/592 and xfs/794 both trip this assertion in the leaf block freemap adjustment code after ~20 minutes of running on my test VMs: ASSERT(ichdr->firstused >= ...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43157 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: CGX: fix bitmap leaks The RX/TX flow-control bitmaps (rx_fc_pfvf_bmap and tx_fc_pfvf_bmap) are allocated by cgx_lmac_init() but never freed in cgx_lmac_exit(). Unbinding and rebinding the driver therefore triggers km...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43156 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: enable basic endpoint checking pegasus_probe() fills URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usb_rcvbulkpipe(dev, 1) for RX data - usb_sndbulkpipe(dev, 2) for TX dat...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43155 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: mux: mmio: fix regmap leak on probe failure The mmio regmap that may be allocated during probe is never freed. Switch to using the device managed allocator so that the regmap is released on probe failures (e.g. probe deferral) an...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43154 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: erofs: fix incorrect early exits in volume label handling Crafted EROFS images containing valid volume labels can trigger incorrect early returns, leading to folio reference leaks. However, this does not cause system crashes or o...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43153 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: xfs: remove xfs_attr_leaf_hasname The calling convention of xfs_attr_leaf_hasname() is problematic, because it returns a NULL buffer when xfs_attr3_leaf_read fails, a valid buffer when xfs_attr3_leaf_lookup_int returns -ENOATTR or...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43152 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: HID: hid-pl: handle probe errors Errors in init must be reported back or we'll follow a NULL pointer the first time FF is used.

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43151 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: Revert "media: iris: Add sanity check for stop streaming" This reverts commit ad699fa78b59241c9d71a8cafb51525f3dab04d4. Revert the check that skipped stop_streaming when the instance was in IRIS_INST_ERROR, as it caused...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD