apk package
chainguard/linux-gcp-6.12-fips-boot-installed
pkg:apk/chainguard/linux-gcp-6.12-fips-boot-installed
Vulnerabilities (20)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-38678 | — | < 6.12.60-r1 | 6.12.60-r1 | Sep 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject duplicate device on updates A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is fo | ||
| CVE-2025-37803 | — | < 6.12.57-r0 | 6.12.57-r0 | May 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix a buf size overflow issue during udmabuf creation by casting size_limit_mb to u64 when calculate pglimit. | ||
| CVE-2025-40014 | — | < 6.12.57-r0 | 6.12.57-r0 | Apr 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the entire amd_spi_freq array without breaking out early, causing 'i' to go | ||
| CVE-2025-37925 | — | < 6.12.53-r0 | 6.12.53-r0 | Apr 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: jfs: reject on-disk inodes of an unsupported type Syzbot has reported the following BUG: kernel BUG at fs/inode.c:668! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 3 UID: 0 PID: 139 Comm: jfsComm | ||
| CVE-2025-37860 | — | < 6.12.57-r0 | 6.12.57-r0 | Apr 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: sfc: fix NULL dereferences in ef100_process_design_param() Since cited commit, ef100_probe_main() and hence also ef100_check_design_params() run before efx->net_dev is created; consequently, we cannot netif_s | ||
| CVE-2025-23137 | — | < 6.12.51-r0 | 6.12.51-r0 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update Check if policy is NULL before dereferencing it in amd_pstate_update. | ||
| CVE-2025-23130 | — | < 6.12.58-r0 | 6.12.58-r0 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic once fallocation fails for pinfile syzbot reports a f2fs bug as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2746! CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 | ||
| CVE-2025-22105 | — | < 6.12.58-r0 | 6.12.58-r0 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: bonding: check xdp prog when set bond mode Following operations can trigger a warning[1]: ip netns add ns1 ip netns exec ns1 ip link add bond0 type bond mode balance-rr ip netns exec ns1 ip link se | ||
| CVE-2025-21833 | — | < 6.12.57-r0 | 6.12.57-r0 | Mar 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE There is a WARN_ON_ONCE to catch an unlikely situation when domain_remove_dev_pasid can't find the `pasid`. In case it nevertheless happens we must avoid using a | ||
| CVE-2025-21751 | — | < 6.12.51-r0 | 6.12.51-r0 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, change error flow on matcher disconnect Currently, when firmware failure occurs during matcher disconnect flow, the error flow of the function reconnects the matcher back and returns an error, wh | ||
| CVE-2024-57995 | — | < 6.12.57-r0 | 6.12.57-r0 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() In ath12k_mac_assign_vif_to_vdev(), if arvif is created on a different radio, it gets deleted from that radio through a call to ath12 | ||
| CVE-2023-4458 | — | < 0 | 0 | Nov 14, 2024 | A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive i | ||
| CVE-2024-38381 | Hig | 7.1 | < 0 | 0 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and | |
| CVE-2023-6270 | — | < 0 | 0 | Jan 4, 2024 | A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` glob | ||
| CVE-2023-3079 | — | KEV | < 0 | 0 | Jun 5, 2023 | Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2021-3669 | — | < 0 | 0 | Aug 26, 2022 | A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. | ||
| CVE-2020-25672 | — | < 0 | 0 | May 25, 2021 | A memory leak vulnerability was found in Linux kernel in llcp_sock_connect | ||
| CVE-2010-4563 | — | < 0 | 0 | Feb 2, 2012 | The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. | ||
| CVE-2007-4998 | — | < 0 | 0 | Jan 31, 2008 | cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination. | ||
| CVE-1999-0656 | — | < 0 | 0 | Jan 1, 1999 | The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names. |
- CVE-2025-38678Sep 3, 2025affected < 6.12.60-r1fixed 6.12.60-r1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject duplicate device on updates A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is fo
- CVE-2025-37803May 8, 2025affected < 6.12.57-r0fixed 6.12.57-r0
In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix a buf size overflow issue during udmabuf creation by casting size_limit_mb to u64 when calculate pglimit.
- CVE-2025-40014Apr 18, 2025affected < 6.12.57-r0fixed 6.12.57-r0
In the Linux kernel, the following vulnerability has been resolved: objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the entire amd_spi_freq array without breaking out early, causing 'i' to go
- CVE-2025-37925Apr 18, 2025affected < 6.12.53-r0fixed 6.12.53-r0
In the Linux kernel, the following vulnerability has been resolved: jfs: reject on-disk inodes of an unsupported type Syzbot has reported the following BUG: kernel BUG at fs/inode.c:668! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 3 UID: 0 PID: 139 Comm: jfsComm
- CVE-2025-37860Apr 18, 2025affected < 6.12.57-r0fixed 6.12.57-r0
In the Linux kernel, the following vulnerability has been resolved: sfc: fix NULL dereferences in ef100_process_design_param() Since cited commit, ef100_probe_main() and hence also ef100_check_design_params() run before efx->net_dev is created; consequently, we cannot netif_s
- CVE-2025-23137Apr 16, 2025affected < 6.12.51-r0fixed 6.12.51-r0
In the Linux kernel, the following vulnerability has been resolved: cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update Check if policy is NULL before dereferencing it in amd_pstate_update.
- CVE-2025-23130Apr 16, 2025affected < 6.12.58-r0fixed 6.12.58-r0
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic once fallocation fails for pinfile syzbot reports a f2fs bug as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2746! CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0
- CVE-2025-22105Apr 16, 2025affected < 6.12.58-r0fixed 6.12.58-r0
In the Linux kernel, the following vulnerability has been resolved: bonding: check xdp prog when set bond mode Following operations can trigger a warning[1]: ip netns add ns1 ip netns exec ns1 ip link add bond0 type bond mode balance-rr ip netns exec ns1 ip link se
- CVE-2025-21833Mar 6, 2025affected < 6.12.57-r0fixed 6.12.57-r0
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE There is a WARN_ON_ONCE to catch an unlikely situation when domain_remove_dev_pasid can't find the `pasid`. In case it nevertheless happens we must avoid using a
- CVE-2025-21751Feb 27, 2025affected < 6.12.51-r0fixed 6.12.51-r0
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, change error flow on matcher disconnect Currently, when firmware failure occurs during matcher disconnect flow, the error flow of the function reconnects the matcher back and returns an error, wh
- CVE-2024-57995Feb 27, 2025affected < 6.12.57-r0fixed 6.12.57-r0
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() In ath12k_mac_assign_vif_to_vdev(), if arvif is created on a different radio, it gets deleted from that radio through a call to ath12
- CVE-2023-4458Nov 14, 2024affected < 0fixed 0
A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive i
- affected < 0fixed 0
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and
- CVE-2023-6270Jan 4, 2024affected < 0fixed 0
A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` glob
- affected < 0fixed 0
Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2021-3669Aug 26, 2022affected < 0fixed 0
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.
- CVE-2020-25672May 25, 2021affected < 0fixed 0
A memory leak vulnerability was found in Linux kernel in llcp_sock_connect
- CVE-2010-4563Feb 2, 2012affected < 0fixed 0
The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.
- CVE-2007-4998Jan 31, 2008affected < 0fixed 0
cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.
- CVE-1999-0656Jan 1, 1999affected < 0fixed 0
The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names.