Linux Kernel Security Intelligence
Know your kernel's
real exposure
Upload a .config and get a CycloneDX VEX report — filtered by kernel version, build configuration, and AI‑powered context analysis. Updated in real time as new CVEs appear.
Free tier · no credit card · no invitation needed
Free CVE Database
Browse and search all kernel CVEs instantly — including AI-assessed scores where NVD is still pending. Sign up free to run your first VEX analysis.
Version & Config-Aware VEX
Filter by kernel version and .config — get a CycloneDX VEX of precisely your build's exposure. Analyses update automatically when new CVEs land.
AI-Powered Context Analysis
Model your product's deployment context and interfaces. AI rules out CVEs that don't apply to your device.
See It In Action
Explore real analysis results — no account required.
Kernel .config VEX
The same kernel .config analysed with version and config filtering only. Pure config analysis — every CVE matching an enabled subsystem is reported, without deployment context.
Product Security Assessment
The same config with deployment context, interfaces, and hardening modelled. AI contextual analysis rules out CVEs that don't apply to this device.
High severity, AI-triaged
Latest Linux kernel disclosures
-
CVSS9.8NVD
ocfs2/dlm Region OOBCVE-2026-53309
A privileged local user or cluster node joining an OCFS2 cluster can trigger an out-of-bounds read in the DLM region comparison logic, potentially causing a kernel panic or crash.…
-
CVSS8.8NVD
iommu/vt-d DevPasid NullDerefCVE-2026-53281
A privileged process managing IOMMU PASID assignments can trigger a NULL pointer dereference or refcount underflow in the Intel VT-d driver when domain_remove_dev_pasid fails to fi…
-
CVSS8.8NVD
vfio/pci DMABUF Disable RaceCVE-2026-53322
A privileged user or compromised management daemon managing VFIO PCI passthrough devices could trigger a tiny race window during device shutdown where PCI BARs are disabled (MSE cl…
-
CVSS7.8NVD
enetc NTMP DMA UAFCVE-2026-53300
A DMA use-after-free vulnerability in the NXP ENETC NTMP driver allows a timed-out hardware command to write back to a DMA buffer that has already been freed and potentially reallo…
-
CVSS7.8NVD
drm/xe EUStall StreamClose UAFCVE-2026-53290
A use-after-free vulnerability exists in the Intel Xe GPU driver's EU stall sampling stream close path. A privileged user with access to the EU stall sampling interface can trigger…
-
CVSS7.5NVD
btrfs DirtyPages CleanupCVE-2026-53284
A local privileged user (root) who mounts a btrfs filesystem can trigger a kernel warning and improper cleanup of dirty extent buffers during transaction abort. When a write error…
-
CVSS9.8NVD
ipv6 SIT InnerHeader UAFCVE-2026-53228
A local user who can obtain CAP_NET_ADMIN (e.g., via user namespaces) can trigger a use-after-free read in the IPv6 SIT tunnel transmit path by sending GSO packets with cloned skb…
-
CVSS9.8NVD
rxrpc SACK Table OOBCVE-2026-53151
A remote attacker can send a specially crafted fragmented UDP packet carrying an RxRPC ACK to trigger an out-of-bounds read in the kernel's rxrpc ACK parser. This can lead to infor…
-
CVSS9.8NVD
isert LoginPDU UnderflowCVE-2026-53176
A remote attacker with no credentials can crash an iSCSI/iSER target node by sending a login PDU shorter than 76 bytes before any authentication occurs. The integer underflow cause…
Linux Kernel CVE Database
Freely searchable. Sourced from NVD and kernel.org's CVE v5 git feed, AI-enriched within minutes of publication.
| CVE ID | Severity | CVSS | Description | Introduced | Published |
|---|
Plans & Pricing
From free CVE intelligence to full AI-powered security assessments.
Free
Basic
Pro
Enterprise
Enterprise is our custom tier — contact sales and we'll agree on price and features for your needs (unlimited products, any kernel version). It's also the route for analyzing kernels on behalf of clients — security consultancies, auditors, managed-service providers — which is a separate field of use under our terms. Talk to sales.
| Feature | Free | Basic | Pro | Enterprise |
|---|---|---|---|---|
| VEX analyses / month | 2 | Unlimited | Unlimited | Unlimited |
| Persistent products | — | 3 | 10 | Unlimited |
| Kernel coverage | Current LTS | Current LTS | All active LTS + stable | Any version |
| CVE database search | ✓ | ✓ | ✓ | ✓ |
| Live CVE feed (AI + Dependency-Track) | Last 60 days | All CVEs | All CVEs | All CVEs |
| API access | Throttled | Throttled | Full speed | Full speed |
| CycloneDX VEX reports | ✓ | ✓ | ✓ | ✓ |
| AI contextual assessments | — | — | ✓ | Priority |
| Security factor analysis | — | — | ✓ | ✓ |
| Dashboard & email alerts | — | ✓ | ✓ | ✓ |
| Auto-push VEX to Dependency-Track | — | — | ✓ | ✓ |
| Team Support | — | — | — | ✓ |
| On Premise | — | — | — | ✓ |