- What is the Linux CNA?
- Linux is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 10,294 CVE records since 2024.
- How many CVEs has Linux published?
- Linux has published 10,294 CVE records, including 10,294 in the last two years.
- What is Linux's CVE data quality grade?
- RadicalNotion.AI grades Linux's CVE data quality as F, with an overall completeness score of 54.1%. This reflects how consistently its CVE records include vendor (100%), product (100%), CVSS (0%), and CWE (16.5%) information.
- What products does Linux publish CVEs for?
- Linux most frequently publishes CVEs for Linux, Linux Kernel, Kernel, debian linux, SIMATIC S7-1500 CPU 1518-4 PN/DP MFP.
- Which vendors does Linux cover?
- Linux publishes CVEs across 2 distinct vendors, most often Linux, debian, Siemens, Red Hat, Intel Corporation.
- Is Linux actively publishing CVEs?
- Linux is currently active, based on 10,294 CVEs in the last two years.
- How many critical CVEs has Linux published?
- Linux has published 149 critical-severity CVEs and 3,194 high-severity CVEs.
- Are any of Linux's CVEs in CISA's Known Exploited Vulnerabilities catalog?
- Yes. 7 of Linux's CVEs are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning they are confirmed to be exploited in the wild.
- What are the most common weakness types in Linux's CVEs?
- Linux's CVEs most often map to these CWE weakness types: CWE-476 (NULL Pointer Dereference), CWE-416 (Use After Free), CWE-401 (Missing Release of Memory after Effective Lifetime), CWE-667 (Improper Locking).
- How does Linux rank among CNAs?
- By total CVE volume, Linux ranks #7 of 370 CNAs, and it reports more complete CVE records than 9% of all CNAs.