Linux Kernel Security Intelligence
Know your kernel's
real exposure
Upload a .config and get a CycloneDX VEX report — filtered by kernel version, build configuration, and AI‑powered context analysis. Updated in real time as new CVEs appear.
Free tier · no credit card · no invitation needed
Free CVE Database
Browse and search all kernel CVEs instantly — including AI-assessed scores where NVD is still pending. Sign up free to run your first VEX analysis.
Version & Config-Aware VEX
Filter by kernel version and .config — get a CycloneDX VEX of precisely your build's exposure. Analyses update automatically when new CVEs land.
AI-Powered Context Analysis
Model your product's deployment context and interfaces. AI rules out CVEs that don't apply to your device.
See It In Action
Explore real analysis results — no account required.
Kernel .config VEX
The same kernel .config analysed with version and config filtering only. Pure config analysis — every CVE matching an enabled subsystem is reported, without deployment context.
Product Security Assessment
The same config with deployment context, interfaces, and hardening modelled. AI contextual analysis rules out CVEs that don't apply to this device.
High severity, AI-triaged
Latest Linux kernel disclosures
-
CVSS8.8NVD
netfilter ebt_snat ARP CorruptionCVE-2026-53266
An attacker (including an unprivileged local user via user namespaces) who can configure ebtables SNAT rules on a bridge can cause the kernel to write a MAC address directly into a…
-
CVSS7.8NVD
quota DquotScan RaceCVE-2026-53050
A race condition in the Linux kernel quota subsystem allows dquot_scan_active() to acquire a reference to a dquot that is concurrently being freed during quota deactivation. Under…
-
CVSS7.0AI
bluetooth hci_ldisc ProtoInit DerefCVE-2026-53073
A race condition in the Bluetooth HCI UART line discipline allows incoming UART data to reach a protocol-specific receive handler after resources have been freed when hci_register_…
-
CVSS7.1NVD
tun XDP Memory LeakCVE-2026-46321
Local users with access to /dev/net/tun and /dev/vhost-net can exhaust host memory by repeatedly sending malformed short frames through vhost-net. Each short frame leaks a page fra…
-
CVSS8.2NVD
isofs RockRidge OOBCVE-2026-46303
A crafted ISO 9660 image with malformed Rock Ridge CE records can cause the kernel to read blocks outside the mounted volume, potentially leaking limited data from adjacent filesys…
-
CVSS7.8NVD
bluetooth HciUart UAFCVE-2026-46275
Adjacent attackers within Bluetooth range can trigger use-after-free conditions in HCI UART lifecycle management, potentially leading to arbitrary kernel memory corruption. The vul…
-
CVSS8.8NVD
x86/amd OpCache IsolationCVE-2026-46174
AMD Zen2 processors fail to properly isolate shared resources in the operation cache, potentially allowing instruction corruption across security boundaries. This affects multi-ten…
-
CVSS7.1NVD
ima BprmCheck OOBCVE-2025-71306
Local users can trigger a stack out-of-bounds read in the IMA (Integrity Measurement Architecture) subsystem during file execution. The vulnerability occurs when IMA attempts to ap…
-
CVSS7.1NVD
ptrace DumpableCheck BypassCVE-2026-46333
Local users can bypass intended capability checks to access sensitive information from tasks without an associated memory context (e.g., kernel threads or recently exited processes…
Linux Kernel CVE Database
Freely searchable. Sourced from NVD and kernel.org's CVE v5 git feed, AI-enriched within minutes of publication.
| CVE ID | Severity | CVSS | Description | Introduced | Published |
|---|
Plans & Pricing
From free CVE intelligence to full AI-powered security assessments.
Free
Basic
Pro
Enterprise
Enterprise is our custom tier — contact sales and we'll agree on price and features for your needs (unlimited products, any kernel version). It's also the route for analyzing kernels on behalf of clients — security consultancies, auditors, managed-service providers — which is a separate field of use under our terms. Talk to sales.
| Feature | Free | Basic | Pro | Enterprise |
|---|---|---|---|---|
| VEX analyses / month | 2 | Unlimited | Unlimited | Unlimited |
| Persistent products | — | 3 | 10 | Unlimited |
| Kernel coverage | Current LTS | Current LTS | All active LTS + stable | Any version |
| CVE database search | ✓ | ✓ | ✓ | ✓ |
| Live CVE feed (AI + Dependency-Track) | Last 60 days | All CVEs | All CVEs | All CVEs |
| API access | Throttled | Throttled | Full speed | Full speed |
| CycloneDX VEX reports | ✓ | ✓ | ✓ | ✓ |
| AI contextual assessments | — | — | ✓ | Priority |
| Security factor analysis | — | — | ✓ | ✓ |
| Dashboard & email alerts | — | ✓ | ✓ | ✓ |
| Auto-push VEX to Dependency-Track | — | — | ✓ | ✓ |
| Team Support | — | — | — | ✓ |
| On Premise | — | — | — | ✓ |