apk package

chainguard/linux-gcp-6.12

pkg:apk/chainguard/linux-gcp-6.12

Vulnerabilities (252)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-43284	Hig	8.8	< 6.12.85-r2	6.12.85-r2	May 8, 2026	In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths th
CVE-2026-43272	Med	5.5	< 6.12.85-r2	6.12.85-r2	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix possible dereference of uninitialized pointer There is a pointer head_page in rb_meta_validate_events() which is not initialized at the beginning of a function. This pointer can be dereferenced
CVE-2026-43263	Hig	7.8	< 6.12.85-r2	6.12.85-r2	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix Null reference while testing fluster When multi instances are created/destroyed, many interrupts happens and structures for decoder are removed. "struct vpu_instance" this structu
CVE-2026-43131	Med	5.5	< 6.12.85-r2	6.12.85-r2	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix null pointer dereference issue If SMU is disabled, during RAS initialization, there will be null pointer dereference issue here.
CVE-2026-43127	Med	5.5	< 6.12.85-r2	6.12.85-r2	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix circular locking dependency in run_unpack_ex Syzbot reported a circular locking dependency between wnd->rw_lock (sbi->used.bitmap) and ni->file.run_lock. The deadlock scenario: 1. ntfs_extend_mft()
CVE-2026-43118	Med	5.5	< 6.12.85-r2	6.12.85-r2	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: btrfs: fix zero size inode with non-zero size after log replay When logging that an inode exists, as part of logging a new name or logging new dir entries for a directory, we always set the generation of the lo
CVE-2026-43116	Hig	7.8	< 6.12.85-r2	6.12.85-r2	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not sufficient, the master conntrack object can just go away, making exp->master invalid. To access exp->mas
CVE-2026-43115	Med	5.5	< 6.12.85-r2	6.12.85-r2	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: srcu: Use irq_work to start GP in tiny SRCU Tiny SRCU's srcu_gp_start_if_needed() directly calls schedule_work(), which acquires the workqueue pool->lock. This causes a lockdep splat when call_srcu() is called
CVE-2026-43042	Hig	7.1	< 6.12.85-r2	6.12.85-r2	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: mpls: add seqcount to protect the platform_label{,s} pair The RCU-protected codepaths (mpls_forward, mpls_dump_routes) can have an inconsistent view of platform_labels vs platform_label in case of a concurrent
CVE-2026-43034	Med	5.5	< 6.12.85-r2	6.12.85-r2	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: bnxt_en: set backing store type from query type bnxt_hwrm_func_backing_store_qcaps_v2() stores resp->type from the firmware response in ctxm->type and later uses that value to index fixed backing-store metadata
CVE-2026-43033	Hig	7.8	< 6.12.85-r2	6.12.85-r2	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption When decrypting data that is not in-place (src != dst), there is no need to save the high-order sequence bits in dst as it could
CVE-2026-43022	Med	5.5	< 6.12.85-r2	6.12.85-r2	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists hci_cmd_sync_queue_once() needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid le
CVE-2026-31787	Hig	7.8	< 6.12.89-r0	6.12.89-r0	Apr 30, 2026	In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix double free via VMA splitting privcmd_vm_ops defines .close (privcmd_close), but neither .may_split nor .open. When userspace does a partial munmap() on a privcmd mapping, the kernel splits the
CVE-2026-31786	Hig	7.8	< 6.12.89-r0	6.12.89-r0	Apr 30, 2026	In the Linux kernel, the following vulnerability has been resolved: Buffer overflow in drivers/xen/sys-hypervisor.c The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is neither NUL terminated nor a string. The first causes a buffer overflow as sprintf in buildid
CVE-2026-31647	Med	5.5	< 6.12.85-r0	6.12.85-r0	Apr 24, 2026	In the Linux kernel, the following vulnerability has been resolved: idpf: fix PREEMPT_RT raw/bh spinlock nesting for async VC handling Switch from using the completion's raw spinlock to a local lock in the idpf_vc_xn struct. The conversion is safe because complete/_all() are ca
CVE-2026-31629	Hig	8.8	< 6.12.85-r0	6.12.85-r0	Apr 24, 2026	In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: add missing return after LLCP_CLOSED checks In nfc_llcp_recv_hdlc() and nfc_llcp_recv_disc(), when the socket state is LLCP_CLOSED, the code correctly calls release_sock() and nfc_llcp_sock_put() but
CVE-2026-31627	Hig	7.8	< 6.12.85-r0	6.12.85-r0	Apr 24, 2026	In the Linux kernel, the following vulnerability has been resolved: i2c: s3c24xx: check the size of the SMBUS message before using it The first byte of an i2c SMBUS message is the size, and it should be verified to ensure that it is in the range of 0..I2C_SMBUS_BLOCK_MAX before
CVE-2026-31626	Hig	7.1	< 6.12.85-r0	6.12.85-r0	Apr 24, 2026	In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify() Initialize le_tmp64 to zero in rtw_BIP_verify() to prevent using uninitialized data. Smatch warns that only 6 bytes are copied to this 8-byte (u64) v
CVE-2026-31625	Med	5.5	< 6.12.85-r0	6.12.85-r0	Apr 24, 2026	In the Linux kernel, the following vulnerability has been resolved: HID: alps: fix NULL pointer dereference in alps_raw_event() Commit ecfa6f34492c ("HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them") attempted to fix up the HID drivers that had missed the
CVE-2026-31624	Med	5.5	< 6.12.85-r0	6.12.85-r0	Apr 24, 2026	In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp report_size in s32ton() to avoid undefined shift s32ton() shifts by n-1 where n is the field's report_size, a value that comes directly from a HID device. The HID parser bounds report_size onl

CVE-2026-43284HigMay 8, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths th
CVE-2026-43272MedMay 6, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix possible dereference of uninitialized pointer There is a pointer head_page in rb_meta_validate_events() which is not initialized at the beginning of a function. This pointer can be dereferenced
CVE-2026-43263HigMay 6, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix Null reference while testing fluster When multi instances are created/destroyed, many interrupts happens and structures for decoder are removed. "struct vpu_instance" this structu
CVE-2026-43131MedMay 6, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix null pointer dereference issue If SMU is disabled, during RAS initialization, there will be null pointer dereference issue here.
CVE-2026-43127MedMay 6, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix circular locking dependency in run_unpack_ex Syzbot reported a circular locking dependency between wnd->rw_lock (sbi->used.bitmap) and ni->file.run_lock. The deadlock scenario: 1. ntfs_extend_mft()
CVE-2026-43118MedMay 6, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix zero size inode with non-zero size after log replay When logging that an inode exists, as part of logging a new name or logging new dir entries for a directory, we always set the generation of the lo
CVE-2026-43116HigMay 6, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not sufficient, the master conntrack object can just go away, making exp->master invalid. To access exp->mas
CVE-2026-43115MedMay 6, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: srcu: Use irq_work to start GP in tiny SRCU Tiny SRCU's srcu_gp_start_if_needed() directly calls schedule_work(), which acquires the workqueue pool->lock. This causes a lockdep splat when call_srcu() is called
CVE-2026-43042HigMay 1, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: mpls: add seqcount to protect the platform_label{,s} pair The RCU-protected codepaths (mpls_forward, mpls_dump_routes) can have an inconsistent view of platform_labels vs platform_label in case of a concurrent
CVE-2026-43034MedMay 1, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: set backing store type from query type bnxt_hwrm_func_backing_store_qcaps_v2() stores resp->type from the firmware response in ctxm->type and later uses that value to index fixed backing-store metadata
CVE-2026-43033HigMay 1, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption When decrypting data that is not in-place (src != dst), there is no need to save the high-order sequence bits in dst as it could
CVE-2026-43022MedMay 1, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists hci_cmd_sync_queue_once() needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid le
CVE-2026-31787HigApr 30, 2026
affected < 6.12.89-r0fixed 6.12.89-r0
In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix double free via VMA splitting privcmd_vm_ops defines .close (privcmd_close), but neither .may_split nor .open. When userspace does a partial munmap() on a privcmd mapping, the kernel splits the
CVE-2026-31786HigApr 30, 2026
affected < 6.12.89-r0fixed 6.12.89-r0
In the Linux kernel, the following vulnerability has been resolved: Buffer overflow in drivers/xen/sys-hypervisor.c The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is neither NUL terminated nor a string. The first causes a buffer overflow as sprintf in buildid
CVE-2026-31647MedApr 24, 2026
affected < 6.12.85-r0fixed 6.12.85-r0
In the Linux kernel, the following vulnerability has been resolved: idpf: fix PREEMPT_RT raw/bh spinlock nesting for async VC handling Switch from using the completion's raw spinlock to a local lock in the idpf_vc_xn struct. The conversion is safe because complete/_all() are ca
CVE-2026-31629HigApr 24, 2026
affected < 6.12.85-r0fixed 6.12.85-r0
In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: add missing return after LLCP_CLOSED checks In nfc_llcp_recv_hdlc() and nfc_llcp_recv_disc(), when the socket state is LLCP_CLOSED, the code correctly calls release_sock() and nfc_llcp_sock_put() but
CVE-2026-31627HigApr 24, 2026
affected < 6.12.85-r0fixed 6.12.85-r0
In the Linux kernel, the following vulnerability has been resolved: i2c: s3c24xx: check the size of the SMBUS message before using it The first byte of an i2c SMBUS message is the size, and it should be verified to ensure that it is in the range of 0..I2C_SMBUS_BLOCK_MAX before
CVE-2026-31626HigApr 24, 2026
affected < 6.12.85-r0fixed 6.12.85-r0
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify() Initialize le_tmp64 to zero in rtw_BIP_verify() to prevent using uninitialized data. Smatch warns that only 6 bytes are copied to this 8-byte (u64) v
CVE-2026-31625MedApr 24, 2026
affected < 6.12.85-r0fixed 6.12.85-r0
In the Linux kernel, the following vulnerability has been resolved: HID: alps: fix NULL pointer dereference in alps_raw_event() Commit ecfa6f34492c ("HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them") attempted to fix up the HID drivers that had missed the
CVE-2026-31624MedApr 24, 2026
affected < 6.12.85-r0fixed 6.12.85-r0
In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp report_size in s32ton() to avoid undefined shift s32ton() shifts by n-1 where n is the field's report_size, a value that comes directly from a HID device. The HID parser bounds report_size onl

Page 1 of 13