CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE-2026-31523

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: ensure we're polling a polled queue A user can change the polled queue count at run time. There's a brief window during a reset where a hipri task may try to poll that queue before the block layer has updated the queue...

4.7CVSS0.00022EPSS

CVE-2026-31518

In the Linux kernel, the following vulnerability has been resolved: esp: fix skb leak with espintcp and async crypto When the TX queue for espintcp is full, espoutputtailtcp will return an error and not free the skb, because with synchronous crypto, the common xfrm output code will drop the packe...

5.5CVSS0.00015EPSS

NVD•added 2026/04/22 2:16 p.m.•0 views

CVE-2026-31509

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix circular locking dependency in nciclosedevice nciclosedevice flushes rxwq and txwq while holding reqlock. This causes a circular locking dependency because ncirxwork running on rxwq can end up taking reqlock too:...

5.5CVSS0.00014EPSS

CVE-2026-31493

In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix use of completion ctx after free On admin queue completion handling, if the admin command completed with error we print data from the completion context. The issue is that we already freed the completion context in...

7.8CVSS0.00015EPSS

Exploits0References3

CVE-2026-31494

In the Linux kernel, the following vulnerability has been resolved: net: macb: use the current queue number for stats There's a potential mismatch between the memory reserved for statistics and the amount of memory written. gemgetssetcount correctly computes the number of stats based on the activ...

7.8CVSS0.00022EPSS

NVD•added 2026/04/22 2:16 p.m.•4 views

CVE-2026-31484

In the Linux kernel, the following vulnerability has been resolved: iouring/fdinfo: fix OOB read in SQEMIXED wrap check iouringshowfdinfo iterates over pending SQEs and, for 128-byte SQEs on an IORINGSETUPSQEMIXED ring, needs to detect when the second half of the SQE would be past the end of the...

7.1CVSS0.00017EPSS

Exploits0References2

NVD•added 2026/04/22 2:16 p.m.•0 views

CVE-2026-31473

7.8CVSS0.00017EPSS

ATTACKERKB•added 2026/04/22 1:54 p.m.•1 views

CVE-2026-31523

5.6AI score0.00022EPSS

Exploits0References9Affected Software1

Cvelist•added 2026/04/22 1:54 p.m.•28 views

CVE-2026-31523 nvme-pci: ensure we're polling a polled queue

0.00022EPSS

CVE•added 2026/04/22 1:54 p.m.•6 views

CVE-2026-31523

In the Linux kernel NVMe PCI driver, CVE-2026-31523 is a race condition: a running change to the polled queue count can create a brief window during reset where a hipri task poll occurs before queue maps are updated, risking double completions when the interrupt-driven path takes over. The issue ...

4.7CVSS5.6AI score0.00022EPSS

CVE•added 2026/04/22 1:54 p.m.•7 views

CVE-2026-31518

CVE-2026-31518 affects the Linux kernel espintcp path when using asynchronous crypto. If the TX queue for espintcp is full, esp_output_tail_tcp returns an error and the skb is not freed under earlier synchronous handling; with async crypto (esp_output_done) the skb must be dropped when esp_output...

5.5CVSS5.7AI score0.00015EPSS

Cvelist•added 2026/04/22 1:54 p.m.•24 views

CVE-2026-31509 nfc: nci: fix circular locking dependency in nci_close_device

0.00014EPSS

CVE•added 2026/04/22 1:54 p.m.•8 views

CVE-2026-31509

CVE-2026-31509 affects the Linux kernel NFC NCI subsystem. The vulnerability stems from nci_close_device() flushing rx_wq and tx_wq while holding req_lock, creating a circular locking dependency with nci_rx_work() and related paths. The fix moves the rx_wq flush to after req_lock is released, rel...

5.5CVSS5.6AI score0.00014EPSS

CVE•added 2026/04/22 1:54 p.m.•5 views

CVE-2026-31493

The CVE-2026-31493 issue exists in Linux kernel RDMA/efa admin queue completion handling: when a command completes with an error, the code may print from a completion context that has already been freed, leading to use-after-free-like behavior. The root cause is use of a freed completion context ...

7.8CVSS5.6AI score0.00015EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/04/22 1:54 p.m.•25 views

CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free

0.00015EPSS

Exploits0References3

Cvelist•added 2026/04/22 1:54 p.m.•23 views

CVE-2026-31492 RDMA/irdma: Initialize free_qp completion before using it

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Initialize freeqp completion before using it In irdmacreateqp, if ibcopytoudata fails, it will call irdmadestroyqp to clean up which will attempt to wait on the freeqp completion, which is not initialized yet. Fix thi...

0.00015EPSS

Exploits0References6

Cvelist•added 2026/04/22 1:54 p.m.•24 views

CVE-2026-31491 RDMA/irdma: Harden depth calculation functions

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Harden depth calculation functions An issue was exposed where OS can pass in U32MAX for SQ/RQ/SRQ size. This can cause integer overflow and truncation of SQ/RQ/SRQ depth returning a success when it should have failed...

0.00015EPSS

Exploits0References3

CVE•added 2026/04/22 1:54 p.m.•6 views

CVE-2026-31473

The CVE-2026-31473 affects the Linux kernel media subsystems (mc, v4l2). A race can occur when MEDIA_REQUEST_IOC_REINIT runs concurrently with VIDIOC_REQBUFS queue teardown, risking use-after-free of request objects. The root cause is lack of serialization across these paths; it is addressed by e...

7.8CVSS5.6AI score0.00017EPSS