CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

UbuntuCve•added 2026/04/03 4:16 p.m.•4 views

CVE-2026-23439

In the Linux kernel, the following vulnerability has been resolved: udptunnel: fix NULL deref caused by udpsockcreate6 when CONFIGIPV6=n When CONFIGIPV6 is disabled, the udpsockcreate6 function returns 0 success without actually creating a socket. Callers such as foucreate then proceed to...

OSV•added 2026/04/03 4:16 p.m.•5 views

Exploits0References8

UBUNTU-CVE-2026-23460

In the Linux kernel, the following vulnerability has been resolved: net/rose: fix NULL pointer dereference in rosetransmitlink on reconnect syzkaller reported a bug 1, and the reproducer is available at 2. ROSE sockets use four sk-skstate values: TCPCLOSE, TCPLISTEN, TCPSYNSENT, and TCPESTABLISHE...

UbuntuCve•added 2026/04/03 4:16 p.m.•5 views

CVE-2026-23435

In the Linux kernel, the following vulnerability has been resolved: perf/x86: Move event pointer setup earlier in x86pmuenable A production AMD EPYC system crashed with a NULL pointer dereference in the PMU NMI handler: BUG: kernel NULL pointer dereference, address: 0000000000000198 RIP:...

5.5CVSS5.8AI score0.00121EPSS

OSV•added 2026/04/03 4:16 p.m.•6 views

UBUNTU-CVE-2026-23467

UbuntuCve•added 2026/04/03 4:16 p.m.•2 views

CVE-2026-23442

In the Linux kernel, the following vulnerability has been resolved: ipv6: add NULL checks for idev in SRv6 paths in6devget can return NULL when the device has no IPv6 configuration e.g. MTU IPV6MINMTU or after NETDEVUNREGISTER. Add NULL checks for idev returned by in6devget in both...

UbuntuCve•added 2026/04/03 4:16 p.m.•1 views

Exploits0References4

CVE-2026-23475

In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a...

UbuntuCve•added 2026/04/03 4:16 p.m.•3 views

Exploits0References8

CVE-2026-31394

In the Linux kernel, the following vulnerability has been resolved: mac80211: fix crash in ieee80211chanbwchange for APVLAN stations ieee80211chanbwchange iterates all stations and accesses link-reserved.oper via sta-sdata-linklinkid. For stations on APVLAN interfaces e.g. 4addr WDS clients,...

5.5CVSS5.7AI score0.00114EPSS

OSV•added 2026/04/03 4:16 p.m.•4 views

UBUNTU-CVE-2026-23438

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: guard flow control update with globaltxfc in buffer switching mvpp2bmswitchbuffers unconditionally calls mvpp2bmpoolupdateprivfc when switching between per-cpu and shared buffer pool modes. This function programs CM3...

OSV•added 2026/04/03 4:16 p.m.•2 views

UBUNTU-CVE-2026-23442

OSV•added 2026/04/03 4:16 p.m.•5 views

UBUNTU-CVE-2026-23475

OSV•added 2026/04/03 4:16 p.m.•5 views

UBUNTU-CVE-2026-23443

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix previous acpiprocessorerratapiix4 fix After commi f132e089fe89 "ACPI: processor: Fix NULL-pointer dereference in acpiprocessorerratapiix4", device pointers may be dereferenced after dropping references to the...

5.5CVSS5.7AI score0.00119EPSS

OSV•added 2026/04/03 4:16 p.m.•3 views

UBUNTU-CVE-2026-23435

5.5CVSS5.7AI score0.00121EPSS

OSV•added 2026/04/03 4:16 p.m.•3 views

UBUNTU-CVE-2026-23433

In the Linux kernel, the following vulnerability has been resolved: armmpam: Fix null pointer dereference when restoring bandwidth counters When an MSC supporting memory bandwidth monitoring is brought offline and then online, mpamrestorembwustate calls rismsmonread via ipi to restore the...

5.5CVSS5.7AI score0.00107EPSS

Cvelist•added 2026/04/03 3:15 p.m.•22 views

CVE-2026-31394 mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations

0.00114EPSS

Exploits0References4

ATTACKERKB•added 2026/04/03 3:15 p.m.•4 views

CVE-2026-31394

5.7AI score0.00114EPSS

Exploits0References5Affected Software1

Cvelist•added 2026/04/03 3:15 p.m.•15 views

CVE-2026-23475 spi: fix statistics allocation

0.00123EPSS

CVE•added 2026/04/03 3:15 p.m.•12 views

CVE-2026-23475

CVE-2026-23475 affects the Linux kernel SPI subsystem. The issue was a NULL pointer dereference window in per‑CPU controller statistics: stats were allocated only after controller registration with driver core, so early sysfs access could dereference NULL. The fix moves statistics allocation to t...