CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD-2026-32399

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: stop parsing UAC2 rates at MAXNRRATES parseuac2sampleraterange caps the number of enumerated rates at MAXNRRATES, but it only breaks out of the current rate loop. A malformed UAC2 RANGE response with additional...

5.8AI score0.00037EPSS

CVE•added 2026/05/27 12:56 p.m.•16 views

CVE-2026-46018

In the Linux kernel ALSA USB audio path, the vulnerability arises from parse_uac2_sample_rate_range() capping the number of enumerated UAC2 sample rates at MAX_NR_RATES but only exiting the inner loop. A malformed UAC2 RANGE response with extra triplets can continue parsing, causing repeated "inv...

5.8AI score0.00037EPSS

Exploits0References8

EUVD-2026-32398

In the Linux kernel, the following vulnerability has been resolved: mm: fix deferred split queue races during migration migratefoliomove records the deferred split queue state from src and replays it on dst. Replaying it after removemigrationptessrc, dst, 0 makes dst visible before it is requeued...

5.8AI score0.00024EPSS

Cvelist•added 2026/05/27 12:56 p.m.•36 views

CVE-2026-46016 remoteproc: xlnx: Only access buffer information if IPI is buffered

In the Linux kernel, the following vulnerability has been resolved: remoteproc: xlnx: Only access buffer information if IPI is buffered In the receive callback check if message is NULL to prevent possibility of crash by NULL pointer dereferencing...

0.00024EPSS

EUVD-2026-32397

5.9AI score0.00024EPSS

CVE•added 2026/05/27 12:56 p.m.•18 views

CVE-2026-46015

The CVE-2026-46015 issue affects the Linux kernel TCP path when migrating an established child socket between listeners in the same SO_REUSEPORT group. After inet_csk_listen_stop() migrates, the target listener can obtain a new accept-queue entry via inet_csk_reqsk_queue_add(), but the path does ...

7.8CVSS5.8AI score0.00013EPSS

Exploits0References7

EUVD-2026-32396

In the Linux kernel, the following vulnerability has been resolved: tcp: call skdataready after listener migration When inetcsklistenstop migrates an established child socket from a closing listener to another socket in the same SOREUSEPORT group, the target listener gets a new accept-queue entry...

5.8AI score0.00013EPSS

Cvelist•added 2026/05/27 12:56 p.m.•40 views

CVE-2026-46015 tcp: call sk_data_ready() after listener migration

7.8CVSS0.00013EPSS

Exploits0References7

EUVD-2026-32395

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Add missing save/restore handling of LBR MSRs MSRIA32DEBUGCTLMSR and LBR MSRs are currently not enumerated by KVMGETMSRINDEXLIST, and LBR MSRs cannot be set with KVMSETMSRS. So save/restore is completely broken. Fix it ...

5.8AI score0.00022EPSS

Cvelist•added 2026/05/27 12:56 p.m.•35 views

CVE-2026-46014 KVM: SVM: Add missing save/restore handling of LBR MSRs

0.00022EPSS

Cvelist•added 2026/05/27 12:56 p.m.•34 views

CVE-2026-46012 rxrpc: Fix memory leaks in rxkad_verify_response()

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix memory leaks in rxkadverifyresponse Fix rxkadverifyresponse to free the ticket and the server key under all circumstances by initialising the ticket pointer to NULL and then making all paths through the function after...

0.00024EPSS

EUVD•added 2026/05/27 12:56 p.m.•6 views

EUVD-2026-32309

5.8AI score0.00024EPSS

CVE•added 2026/05/27 12:56 p.m.•12 views

CVE-2026-46011

Summary (CVE-2026-46011, Linux kernel, media: mtk-jpeg): A use-after-free in the mtk-jpeg driver arises when the release path frees the context (ctx) without cancelling pending/running work in ctx->jpeg_work, creating a race with the workqueue accessing freed memory. The race occurs during clo...

7.8CVSS5.7AI score0.00013EPSS

EUVD•added 2026/05/27 12:56 p.m.•6 views

EUVD-2026-32308

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

5.7AI score0.00013EPSS

CVE•added 2026/05/27 12:56 p.m.•15 views

CVE-2026-46010

CVE-2026-46010 affects the Linux kernel's rxrpc component. The root cause is missing error handling in rxgk_extract_token(): if rxgk_decrypt_skb() returns -ENOMEM, the function should return that error instead of proceeding, which can lead to an abort. Several advisories state the vulnerability c...

8.1CVSS5.8AI score0.00053EPSS

EUVD•added 2026/05/27 12:56 p.m.•5 views

EUVD-2026-32307

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix error handling in rxgkextracttoken Fix a missing bit of error handling in rxgkextracttoken: in the event that rxgkdecryptskb returns -ENOMEM, it should just return that rather than continuing on for anything else, it...

5.8AI score0.00053EPSS

Cvelist•added 2026/05/27 12:56 p.m.•38 views

CVE-2026-46008 mm/damon/core: fix damos_walk() vs kdamond_fn() exit race

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix damoswalk vs kdamondfn exit race When kdamondfn main loop is finished, the function cancels remaining damoswalk request and unset the damonctx-kdamond so that API callers and API functions themselves can show t...

0.00024EPSS

EUVD•added 2026/05/27 12:56 p.m.•7 views

EUVD-2026-32305

5.7AI score0.00024EPSS

CVE•added 2026/05/27 12:56 p.m.•13 views

CVE-2026-46008

CVE-2026-46008 (Linux kernel) : A race between damos_walk() and kdamond_fn() exit could cause a deadlock because registration of a new damos_walk() request and the termination of the damon context could race when the kdamond is finishing. The fix adds a new damon_ctx field, walk_control_obsolete,...

5.7AI score0.00024EPSS