VYPR

apk package

chainguard/linux-azure-6.12

pkg:apk/chainguard/linux-azure-6.12

Vulnerabilities (234)

  • CVE-2026-43284 | High | May 8, 2026
    affected < 6.12.85-r2 | fixed 6.12.85-r2

    In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths th

  • CVE-2026-43272 | Medium | May 6, 2026
    affected < 6.12.85-r2 | fixed 6.12.85-r2

    In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix possible dereference of uninitialized pointer There is a pointer head_page in rb_meta_validate_events() which is not initialized at the beginning of a function. This pointer can be dereferenced

  • CVE-2026-43263 | High | May 6, 2026
    affected < 6.12.85-r2 | fixed 6.12.85-r2

    In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix Null reference while testing fluster When multi instances are created/destroyed, many interrupts happens and structures for decoder are removed. "struct vpu_instance" this structu

  • CVE-2026-43131 | Medium | May 6, 2026
    affected < 6.12.85-r2 | fixed 6.12.85-r2

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix null pointer dereference issue If SMU is disabled, during RAS initialization, there will be null pointer dereference issue here.

  • CVE-2026-43127 | Medium | May 6, 2026
    affected < 6.12.85-r2 | fixed 6.12.85-r2

    In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix circular locking dependency in run_unpack_ex Syzbot reported a circular locking dependency between wnd->rw_lock (sbi->used.bitmap) and ni->file.run_lock. The deadlock scenario: 1. ntfs_extend_mft()

  • CVE-2026-43118 | Medium | May 6, 2026
    affected < 6.12.85-r2 | fixed 6.12.85-r2

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix zero size inode with non-zero size after log replay When logging that an inode exists, as part of logging a new name or logging new dir entries for a directory, we always set the generation of the lo

  • CVE-2026-43116 | High | May 6, 2026
    affected < 6.12.85-r2 | fixed 6.12.85-r2

    In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not sufficient, the master conntrack object can just go away, making exp->master invalid. To access exp->mas

  • CVE-2026-43115 | Medium | May 6, 2026
    affected < 6.12.85-r2 | fixed 6.12.85-r2

    In the Linux kernel, the following vulnerability has been resolved: srcu: Use irq_work to start GP in tiny SRCU Tiny SRCU's srcu_gp_start_if_needed() directly calls schedule_work(), which acquires the workqueue pool->lock. This causes a lockdep splat when call_srcu() is called

  • CVE-2026-43042 | High | May 1, 2026
    affected < 6.12.85-r2 | fixed 6.12.85-r2

    In the Linux kernel, the following vulnerability has been resolved: mpls: add seqcount to protect the platform_label{,s} pair The RCU-protected codepaths (mpls_forward, mpls_dump_routes) can have an inconsistent view of platform_labels vs platform_label in case of a concurrent

  • CVE-2026-43034 | Medium | May 1, 2026
    affected < 6.12.85-r2 | fixed 6.12.85-r2

    In the Linux kernel, the following vulnerability has been resolved: bnxt_en: set backing store type from query type bnxt_hwrm_func_backing_store_qcaps_v2() stores resp->type from the firmware response in ctxm->type and later uses that value to index fixed backing-store metadata

  • CVE-2026-43033 | High | May 1, 2026
    affected < 6.12.85-r2 | fixed 6.12.85-r2

    In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption When decrypting data that is not in-place (src != dst), there is no need to save the high-order sequence bits in dst as it could

  • CVE-2026-43022 | Medium | May 1, 2026
    affected < 6.12.85-r2 | fixed 6.12.85-r2

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists hci_cmd_sync_queue_once() needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid le

  • CVE-2026-31777 | Medium | May 1, 2026
    affected < 6.12.85-r2 | fixed 6.12.85-r2

    In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Check the error for index mapping The ctxfi driver blindly assumed a proper value returned from daio_device_index(), but it's not always true. Add a proper error check to deal with the error from

  • CVE-2026-31717 | High | May 1, 2026
    affected < 6.12.85-r2 | fixed 6.12.85-r2

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any aut

  • CVE-2026-31715 | High | May 1, 2026
    affected < 6.12.85-r2 | fixed 6.12.85-r2

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io() The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the p

  • CVE-2026-31709 | High | May 1, 2026
    affected < 6.12.85-r2 | fixed 6.12.85-r2

    In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl build_sec_desc() and id_mode_to_cifs_acl() derive a DACL pointer from a server-supplied dacloffset and then use the incoming ACL to rebuild th

  • CVE-2026-31787 | High | Apr 30, 2026
    affected < 6.12.85-r2 | fixed 6.12.85-r2

    In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix double free via VMA splitting privcmd_vm_ops defines .close (privcmd_close), but neither .may_split nor .open. When userspace does a partial munmap() on a privcmd mapping, the kernel splits the

  • CVE-2026-31786 | High | Apr 30, 2026
    affected < 6.12.85-r2 | fixed 6.12.85-r2

    In the Linux kernel, the following vulnerability has been resolved: Buffer overflow in drivers/xen/sys-hypervisor.c The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is neither NUL terminated nor a string. The first causes a buffer overflow as sprintf in buildid

  • CVE-2026-31692 | Medium | Apr 30, 2026
    affected < 6.12.85-r2 | fixed 6.12.85-r2

    In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlink_ns_capable() check for peer netns rtnl_newlink() lacks a CAP_NET_ADMIN capability check on the peer network namespace when creating paired devices (veth, vxcan, netkit). This allo

  • CVE-2026-31688 | High | Apr 27, 2026
    affected < 6.12.85-r2 | fixed 6.12.85-r2

    In the Linux kernel, the following vulnerability has been resolved: driver core: enforce device_lock for driver_match_device() Currently, driver_match_device() is called from three sites. One site (__device_attach_driver) holds device_lock(dev), but the other two (bind_store an

Page 1 of 12