Linux
Linux is a family of open source Unix-like operating systems based on the Linux kernel, a kernel first released on 17 September 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which includes the kernel and supporting system software and libraries – most of which are provided by third parties – to create a complete operating system. Linux was originally designed as a clone of Unix and is released under the copyleft GPL license.
Products
773- 15,318 CVEs
- 89 CVEs
- 50 CVEs
- 39 CVEs
- 33 CVEs
- 29 CVEs
- 27 CVEs
- 26 CVEs
- 26 CVEs
- 21 CVEs
- 19 CVEs
- 18 CVEs
- 17 CVEs
- 17 CVEs
- 14 CVEs
- 14 CVEs
- 14 CVEs
- 14 CVEs
- 12 CVEs
- 10 CVEs
- 10 CVEs
- 9 CVEs
- 9 CVEs
- 9 CVEs
- 8 CVEs
- 8 CVEs
- 8 CVEs
- 7 CVEs
- 7 CVEs
- 7 CVEs
- View all 773 products →
Recent CVEs
15,502| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1000253 | Hig | 0.73 | 7.8 | 0.11 | KEV | Oct 5, 2017 | Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86… | |
| CVE-2017-0561 | Cri | 0.69 | 9.8 | 0.30 | Apr 7, 2017 | A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC.… | ||
| CVE-2013-6282 | Hig | 0.68 | 8.8 | 0.40 | KEV | Nov 20, 2013 | The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited… | |
| CVE-1999-0426 | Cri | 0.68 | 9.8 | 0.11 | Mar 1, 1999 | The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing. | ||
| CVE-2018-14634 | Hig | 0.67 | 7.8 | 0.15 | KEV | Sep 25, 2018 | An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are… | |
| CVE-2010-3904 | Hig | 0.67 | 7.8 | 0.11 | KEV | Dec 6, 2010 | The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the… | |
| CVE-2016-7117 | Cri | 0.66 | 9.8 | 0.24 | Oct 10, 2016 | Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. | ||
| CVE-2016-3955 | Cri | 0.66 | 9.8 | 0.26 | Jul 3, 2016 | The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet. | ||
| CVE-2013-2094 | Hig | 0.66 | 8.4 | 0.48 | KEV | May 14, 2013 | The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. | |
| CVE-2017-7895 | Cri | 0.65 | 9.8 | 0.11 | Apr 28, 2017 | The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to… | ||
| CVE-2003-0252 | Cri | 0.65 | 9.8 | 0.16 | Aug 18, 2003 | Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines. | ||
| CVE-2026-23240 | Cri | 0.64 | 9.8 | 0.00 | Mar 10, 2026 | In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered during a code audit. After cancel_delayed_work_sync() is called from tls_sk_proto_close(), tx_work_handler() can still be scheduled… | ||
| CVE-2026-22984 | Cri | 0.64 | 9.8 | 0.00 | Jan 23, 2026 | In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done() Perform an explicit bounds check on payload_len to avoid a possible out-of-bounds access in the callout. [ idryomov: changelog ] | ||
| CVE-2025-68263 | Cri | 0.64 | 9.8 | 0.00 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: ipc: fix use-after-free in ipc_msg_send_request ipc_msg_send_request() waits for a generic netlink reply using an ipc_msg_table_entry on the stack. The generic netlink handler… | ||
| CVE-2024-38612 | Cri | 0.64 | 9.8 | 0.01 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL is not defined. In that case if seg6_hmac_init() fails, the genl_unregister_family() isn't… | ||
| CVE-2018-5703 | Cri | 0.64 | 9.8 | 0.03 | Jan 16, 2018 | The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS. | ||
| CVE-2017-6211 | Cri | 0.64 | 9.8 | 0.01 | Dec 5, 2017 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of a downlink supplementary services message, a buffer overflow can occur. | ||
| CVE-2017-14909 | Cri | 0.64 | 9.8 | 0.01 | Dec 5, 2017 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated. | ||
| CVE-2017-13715 | Cri | 0.64 | 9.8 | 0.10 | Aug 29, 2017 | The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a… | ||
| CVE-2016-10343 | Cri | 0.64 | 9.8 | 0.01 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, sSL handshake failure with ClientHello rejection results in memory leak. |
- risk 0.73cvss 7.8epss 0.11
Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86…
- risk 0.69cvss 9.8epss 0.30
A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC.…
- risk 0.68cvss 8.8epss 0.40
The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited…
- risk 0.68cvss 9.8epss 0.11
The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing.
- risk 0.67cvss 7.8epss 0.15
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are…
- risk 0.67cvss 7.8epss 0.11
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the…
- risk 0.66cvss 9.8epss 0.24
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
- risk 0.66cvss 9.8epss 0.26
The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.
- risk 0.66cvss 8.4epss 0.48
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
- risk 0.65cvss 9.8epss 0.11
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to…
- risk 0.65cvss 9.8epss 0.16
Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.
- risk 0.64cvss 9.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered during a code audit. After cancel_delayed_work_sync() is called from tls_sk_proto_close(), tx_work_handler() can still be scheduled…
- risk 0.64cvss 9.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done() Perform an explicit bounds check on payload_len to avoid a possible out-of-bounds access in the callout. [ idryomov: changelog ]
- risk 0.64cvss 9.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ksmbd: ipc: fix use-after-free in ipc_msg_send_request ipc_msg_send_request() waits for a generic netlink reply using an ipc_msg_table_entry on the stack. The generic netlink handler…
- risk 0.64cvss 9.8epss 0.01
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL is not defined. In that case if seg6_hmac_init() fails, the genl_unregister_family() isn't…
- risk 0.64cvss 9.8epss 0.03
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS.
- risk 0.64cvss 9.8epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of a downlink supplementary services message, a buffer overflow can occur.
- risk 0.64cvss 9.8epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated.
- risk 0.64cvss 9.8epss 0.10
The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a…
- risk 0.64cvss 9.8epss 0.01
In all Qualcomm products with Android releases from CAF using the Linux kernel, sSL handshake failure with ClientHello rejection results in memory leak.