Linux Kernel Security Intelligence
Know your kernel's
real exposure
Upload a .config and get a CycloneDX VEX report — filtered by kernel version, build configuration, and AI‑powered context analysis. Updated in real time as new CVEs appear.
Free tier · no credit card · no invitation needed
Free CVE Database
Browse and search all kernel CVEs instantly — including AI-assessed scores where NVD is still pending. Sign up free to run your first VEX analysis.
Version & Config-Aware VEX
Filter by kernel version and .config — get a CycloneDX VEX of precisely your build's exposure. Analyses update automatically when new CVEs land.
AI-Powered Context Analysis
Model your product's deployment context and interfaces. AI rules out CVEs that don't apply to your device.
See It In Action
Explore real analysis results — no account required.
Kernel .config VEX
The same kernel .config analysed with version and config filtering only. Pure config analysis — every CVE matching an enabled subsystem is reported, without deployment context.
Product Security Assessment
The same config with deployment context, interfaces, and hardening modelled. AI contextual analysis rules out CVEs that don't apply to this device.
High severity, AI-triaged
Latest Linux kernel disclosures
-
CVSS9.3AI
xfrm iptfs SharedFrag CorruptionCVE-2026-53363
When IP-TFS aggregates inner packets for ESP encryption, iptfs_consume_frags() fails to propagate the SKBFL_SHARED_FRAG flag while transferring paged fragments between socket buffe…
-
CVSS8.8AI
kvm SEV PSC OOB WriteCVE-2026-53360
A malicious SEV-SNP guest can exploit missing bounds validation in the host kernel's Page State Change (PSC) handler to perform out-of-bounds reads and writes on host kernel heap m…
-
CVSS8.1AI
ipv6 FragGap OOB WriteCVE-2026-53362
An unprivileged local user can trigger a heap out-of-bounds write in the IPv6 output path by sending UDPv6 data with MSG_MORE and MSG_SPLICE_PAGES flags. The write corrupts the skb…
-
CVSS7.8AI
JanuscapeCVE-2026-53359
A local unprivileged user running a guest VM can trigger a use-after-free in the KVM shadow paging subsystem by manipulating guest page directory entries to cause a role mismatch i…
-
CVSS7.0AI
bluetooth L2CAP CleanupListen UAFCVE-2026-53357
A local unprivileged user who can open Bluetooth L2CAP sockets can trigger a use-after-free by racing a listening socket close against a concurrent HCI disconnect. The freed child…
-
CVSS7.3AI
arm64 TLBI Completion RaceCVE-2026-53354
Certain Arm CPU cores (Cortex-A76/A77/A78/X1/X2/X3/X4/X925, Neoverse-N1/N2/V1/V2/V3, C1-Premium/Ultra) have a hardware race condition where a broadcast TLBI;DSB sequence may comple…
-
CVSS7.0AI
drm/amd/display Vector Reserve OverflowCVE-2026-53329
A privileged local user or process with access to AMD GPU display configuration can trigger an integer overflow in the display core vector reserve function, causing krealloc to ret…
-
CVSS9.8NVD
ocfs2/dlm Region OOBCVE-2026-53309
A privileged local user or cluster node joining an OCFS2 cluster can trigger an out-of-bounds read in the DLM region comparison logic, potentially causing a kernel panic or crash.…
-
CVSS8.8NVD
vfio/pci DMABUF Disable RaceCVE-2026-53322
A privileged user or compromised management daemon managing VFIO PCI passthrough devices could trigger a tiny race window during device shutdown where PCI BARs are disabled (MSE cl…
Linux Kernel CVE Database
Freely searchable. Sourced from NVD and kernel.org's CVE v5 git feed, AI-enriched within minutes of publication.
| CVE ID | Severity | CVSS | Description | Introduced | Published |
|---|
Plans & Pricing
From free CVE intelligence to full AI-powered security assessments.
Free
Basic
Pro
Enterprise
Enterprise is our custom tier — contact sales and we'll agree on price and features for your needs (unlimited products, any kernel version). It's also the route for analyzing kernels on behalf of clients — security consultancies, auditors, managed-service providers — which is a separate field of use under our terms. Talk to sales.
| Feature | Free | Basic | Pro | Enterprise |
|---|---|---|---|---|
| VEX analyses / month | 2 | Unlimited | Unlimited | Unlimited |
| Persistent products | — | 3 | 10 | Unlimited |
| Kernel coverage | Current LTS | Current LTS | All active LTS + stable | Any version |
| CVE database search | ✓ | ✓ | ✓ | ✓ |
| Live CVE feed (AI + Dependency-Track) | Last 60 days | All CVEs | All CVEs | All CVEs |
| API access | Throttled | Throttled | Full speed | Full speed |
| CycloneDX VEX reports | ✓ | ✓ | ✓ | ✓ |
| AI contextual assessments | — | — | ✓ | Priority |
| Security factor analysis | — | — | ✓ | ✓ |
| Dashboard & email alerts | — | ✓ | ✓ | ✓ |
| Auto-push VEX to Dependency-Track | — | — | ✓ | ✓ |
| Team Support | — | — | — | ✓ |
| On Premise | — | — | — | ✓ |