Linux Kernel Security Intelligence
Know your kernel's
real exposure
Upload a .config and get a CycloneDX VEX report — filtered by kernel version, build configuration, and AI‑powered context analysis. Updated in real time as new CVEs appear.
Free CVE Database
Browse and search all kernel CVEs instantly — including AI-assessed scores where NVD is still pending. Sign up free to run your first VEX analysis.
Version & Config-Aware VEX
Filter by kernel version and .config — get a CycloneDX VEX of precisely your build's exposure. Analyses update automatically when new CVEs land.
AI-Powered Context Analysis
Model your product's deployment context and interfaces. AI rules out CVEs that don't apply to your device.
See It In Action
Explore real analysis results — no account required.
Kernel .config VEX
The same kernel .config analysed with version and config filtering only. Pure config analysis — every CVE matching an enabled subsystem is reported, without deployment context.
Product Security Assessment
The same config with deployment context, interfaces, and hardening modelled. AI contextual analysis rules out CVEs that don't apply to this device.
High severity, AI-triaged
Latest Linux kernel disclosures
-
CVSS7.8AI
net/smc ULP UAFCVE-2026-46330
Local users with low privileges can trigger use-after-free vulnerabilities by exploiting the SMC TCP ULP feature that improperly modifies VFS structures in-place. This can lead to…
-
CVSS7.8AI
net/gro ZeroCopy UAFCVE-2026-46323
Local attackers with low privileges can trigger use-after-free in the kernel's Generic Receive Offload (GRO) code by exploiting improper handling of zero-copy socket buffers. This…
-
CVSS7.8AI
kvm NestedMMU UAFCVE-2026-46317
Local attackers with low privileges can trigger a use-after-free in KVM's ARM64 nested virtualization by racing array reallocation with MMU notifier callbacks. This can lead to ker…
-
CVSS7.6AI
kvm vgic-its Cache UAFCVE-2026-46316
A malicious guest VM can trigger a use-after-free in KVM's ARM64 VGIC-ITS translation cache by concurrently invalidating cache entries from multiple vCPUs. The race causes a double…
-
CVSS7.5AI
net/core PPPoE DerefCVE-2026-46306
Remote attackers can crash systems by sending malformed PPPoE frames with Protocol Field Compression to any ethernet interface. The vulnerability causes unaligned memory access exc…
-
CVSS8.0AI
lib/scatterlist Iterator Length OOBCVE-2026-46289
A length calculation error in kernel iterator-to-scatterlist conversion can cause out-of-bounds memory access. Systems using network filesystems or other iterator-based operations…
-
CVSS7.1AI
mm VmallocRealloc OOBCVE-2026-46281
Local attackers with low privileges can trigger an out-of-bounds write in kernel memory through the vmalloc reallocation function. This can lead to kernel memory corruption, privil…
-
CVSS7.5AI
bluetooth HciUart UAFCVE-2026-46275
Adjacent attackers within Bluetooth range can trigger use-after-free conditions in HCI UART lifecycle management, potentially leading to arbitrary kernel memory corruption. The vul…
-
CVSS8.4AI
io_uring WorkQueue UAFCVE-2026-46274
Local unprivileged attackers can trigger a use-after-free in the io_uring work queue management, potentially leading to arbitrary code execution or system crashes. The vulnerabilit…
Linux Kernel CVE Database
Freely searchable. Sourced from NVD and kernel.org's CVE v5 git feed, AI-enriched within minutes of publication.
| CVE ID | Severity | CVSS | Description | Introduced | Published |
|---|
Plans & Pricing
From free CVE intelligence to full AI-powered security assessments.
| Feature | Free | Basic | Pro | Enterprise |
|---|---|---|---|---|
| VEX analyses / month | 2 | Unlimited | Unlimited | Unlimited |
| Persistent products | — | 3 | 10 | Unlimited |
| Kernel coverage | Current LTS | Current LTS | All active LTS + stable | Any version |
| CVE database search | ✓ | ✓ | ✓ | ✓ |
| Live CVE feed (AI + Dependency-Track) | Last 60 days | All CVEs | All CVEs | All CVEs |
| API access | Throttled | Throttled | Full speed | Full speed |
| CycloneDX VEX reports | ✓ | ✓ | ✓ | ✓ |
| AI contextual assessments | — | — | ✓ | Priority |
| Security factor analysis | — | — | ✓ | ✓ |
| Dashboard & email alerts | — | ✓ | ✓ | ✓ |
| Auto-push VEX to Dependency-Track | — | — | ✓ | ✓ |
| Team Support | — | — | — | ✓ |
| On Premise | — | — | — | ✓ |