Linux Kernel Security Intelligence
Know your kernel's
real exposure
Upload a .config and get a CycloneDX VEX report — filtered by kernel version, build configuration, and AI‑powered context analysis. Updated in real time as new CVEs appear.
Free CVE Database
Browse and search all kernel CVEs instantly — including AI-assessed scores where NVD is still pending. Sign up free to run your first VEX analysis.
Version & Config-Aware VEX
Filter by kernel version and .config — get a CycloneDX VEX of precisely your build's exposure. Analyses update automatically when new CVEs land.
AI-Powered Context Analysis
Model your product's deployment context and interfaces. AI rules out CVEs that don't apply to your device.
See It In Action
Explore real analysis results — no account required.
Kernel .config VEX
The same kernel .config analysed with version and config filtering only. Pure config analysis — every CVE matching an enabled subsystem is reported, without deployment context.
Product Security Assessment
The same config with deployment context, interfaces, and hardening modelled. AI contextual analysis rules out CVEs that don't apply to this device.
High severity, AI-triaged
Latest Linux kernel disclosures
-
NVD
netfilter EUI64 DerefCVE-2026-31685
9.4
Remote attackers can cause kernel crashes by sending IPv6 packets to systems using netfilter eui64 match rules where the packet lacks a valid MAC header. The vulnerability allows d…
-
NVD
batman-adv OGM OverflowCVE-2026-31683
7.8
Adjacent attackers can trigger a heap buffer overflow in the batman-adv mesh networking protocol by sending crafted OGM packets to a forwarding node that has an undersized aggregat…
-
NVD
openvswitch MPLS OverflowCVE-2026-31679
7.1
OpenVSwitch fails to validate MPLS action payload lengths, allowing local attackers with CAP_NET_ADMIN (obtainable via unprivileged user namespaces) to trigger an out-of-bounds rea…
-
NVD
bridge ND Options OOBCVE-2026-31682
9.1
Network attackers can trigger an out-of-bounds read in the Linux bridge's IPv6 neighbor discovery processing by sending crafted packets with non-linear option data. This leaks limi…
-
NVD
net/ipv6 FlowLabel UAFCVE-2026-31680
7.8
Local users with low privileges can trigger a kernel crash or leak heap information by racing exclusive flowlabel cleanup with /proc/net/ip6_flowlabel reads. This causes a use-afte…
-
NVD
openvswitch Tunnel RaceCVE-2026-31678
7.8
A race condition in Open vSwitch tunnel destruction leads to use-after-free when concurrent RCU readers access the netdev structure after its reference is dropped. On default kerne…
-
NVD
rxrpc Response RaceCVE-2026-31676
7.5
Network attackers can trigger a state handling flaw in RxRPC service connection handling by sending duplicate or late RESPONSE packets, causing kernel crashes or denial of service.…
-
NVD
net/sched Netem OOBCVE-2026-31675
7.8
Systems using netem packet corruption for network testing are vulnerable to kernel memory corruption. An unprivileged user with access to user namespaces, or an administrator with…
-
NVD
af_unix Diag RaceCVE-2026-31673
7.8
Local users with low privileges can trigger a race condition in Unix socket diagnostics that may leak kernel memory contents. The vulnerability occurs when reading VFS information…
Linux Kernel CVE Database
Freely searchable. Sourced from NVD and kernel.org's CVE v5 git feed, AI-enriched within minutes of publication.
| CVE ID | Severity | CVSS | Description | Introduced | Published |
|---|
Plans & Pricing
From free CVE intelligence to full AI-powered security assessments.
Free
Basic
Pro
Enterprise
| Feature | Free | Basic | Pro | Enterprise |
|---|---|---|---|---|
| VEX analyses / month | 2 | Unlimited | Unlimited | Unlimited |
| Persistent products | — | 3 | 10 | Unlimited |
| Kernel coverage | Current LTS | Current LTS | Up to 3 years old | Any version |
| CVE database search | ✓ | ✓ | ✓ | ✓ |
| Live CVE feed (AI + Dependency-Track) | Last 60 days | All CVEs | All CVEs | All CVEs |
| API access | Throttled | Throttled | Full speed | Full speed |
| CycloneDX VEX reports | ✓ | ✓ | ✓ | ✓ |
| AI contextual assessments | — | — | ✓ | Priority |
| Security factor analysis | — | — | ✓ | ✓ |
| Dashboard & email alerts | — | ✓ | ✓ | ✓ |
| Auto-push VEX to Dependency-Track | — | — | — | ✓ |