4
CVEs
0
Critical
1
High
0
KEV
0
PoC
0
Unpatched C/H
100.0%
Patch Rate
0.0%
Avg EPSS
Severity Breakdown
CRITICAL
0
HIGH
1
MEDIUM
2
LOW
0
Monthly CVE Trend
Affected Products (18)
Linux Kernel
7
Debian Linux
2
Android
2
Latitude 7030 Rugged Extreme Tablet Firmware
1
Latitude 7350 Detachable Firmware
1
Latitude 7350 Firmware
1
Latitude 7450 Firmware
1
Latitude 7650 Firmware
1
Latitude 9450 2 In 1 Firmware
1
Latitutde 5450 Firmware
1
Mobile Precision 3591 Firmware
1
Precision 3490 Firmware
1
Precision 3590 Firmware
1
Pro Rugged 13 Ra13250 Firmware
1
Pro Rugged 14 Rb14250 Firmware
1
Ubuntu
1
Latitude 5350 Firmware
1
Latitude 5550 Firmware
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-43347 | Memory corruption in Linux kernel on Qualcomm Monaco-based ARM64 platforms causes kernel crashes through synchronous external aborts when accessing hypervisor-owned memory incorrectly marked as conventional RAM. The firmware's EFI memory map only reserves 288 KiB of a 512 KiB Gunyah hypervisor metadata region (0x91a80000-0x91afffff), leaving 224 KiB exploitable for triggering fatal aborts. Patches available for stable branches 6.18.24, 6.19.14, and 7.0 series. EPSS exploitation probability is very low (0.02%, 4th percentile) with no known active exploitation or public POC, indicating limited real-world threat despite CVSS 7.5 rating. | HIGH | 7.5 | 0.0% | 38 |
|
| CVE-2026-43412 | NULL pointer dereference in the Linux kernel's ASoC QCOM QDSP6 subsystem crashes systems built on Qualcomm SA8775P and SC8280XP SoCs during ADSP protection-domain restart cycles. The crash occurs because the q6apm-audio .remove callback prematurely deletes Runtime Descriptions (RTDs) containing q6apm DAI components during ASoC teardown, leaving those components still linked to the sound card and triggering a kernel oops on the subsequent rebind. Impact is limited to availability (kernel panic/denial of service); no public exploit has been identified at time of analysis, and EPSS at 0.02% reflects very low widespread exploitation probability. | MEDIUM | 5.5 | 0.0% | 28 |
|
| CVE-2026-23115 | A race condition in the Linux kernel's serial driver allows local attackers with low privileges to bypass TTY device linkage during console configuration, potentially enabling unauthorized access to serial console interfaces on Qualcomm SoCs and other affected systems. The vulnerability stems from improper initialization ordering that fails to configure tty->port before uart_configure_port() is called, creating a window where user-space applications can open the console without proper driver linkage. No patch is currently available. | MEDIUM | 4.7 | 0.0% | 24 |
|
| CVE-2026-46055 | In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix string overrun due to missing termination When booting Ubuntu 26.0 | – | 0.0% | – |
|