VYPR

apk package

chainguard/linux-gcp-6.18-bootc-boot-installed

pkg:apk/chainguard/linux-gcp-6.18-bootc-boot-installed

Vulnerabilities (107)

  • CVE-2026-53254Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: validate skb length in MCC handlers The RFCOMM MCC handlers cast skb->data to protocol-specific structs without validating skb->len first. A malicious remote device can send truncated MCC fra

  • CVE-2026-53157Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: net: phonet: free phonet_device after RCU grace period phonet_device_destroy() removes a phonet_device from the per-net device list with list_del_rcu(), but frees it immediately. RCU readers walking the same li

  • CVE-2026-53163Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: locking/rtmutex: Skip remove_waiter() when waiter is not enqueued syzbot triggered the following splat in remove_waiter() via FUTEX_CMP_REQUEUE_PI: KASAN: null-ptr-deref in range [0x0000000000000a88-0x000000

  • CVE-2026-53253Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: reject short frames before parsing A BNEP peer can send a short BNEP SDU. bnep_rx_frame() reads the packet type byte immediately and, for control packets, reads the control opcode and setup UUI

  • CVE-2026-53134Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_fib: fix stale stack leak via the OIFNAME register For NFT_FIB_RESULT_OIFNAME the destination register is declared with len = IFNAMSIZ (four 32-bit registers), but on the lookup-fail, RTN_LOCAL a

  • CVE-2026-53140Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix vaddr leak when indirect CSD has zeroed workgroups v3d_rewrite_csd_job_wg_counts_from_indirect() maps both the indirect buffer and the workgroup buffer and is expected to release them before return

  • CVE-2026-53265Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: check allocation under invalidate lock commit 2d1f7b65f5de ("dm cache policy smq: fix missing locks in invalidating cache blocks") added mq->lock around the destructive part of smq_invalida

  • CVE-2026-53152Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: mmc: dw_mmc-rockchip: Add missing private data for very old controllers The really old controllers (rk2928, rk3066, rk3188) do not support UHS speeds at all, and thus never handled phase data. For that reason

  • CVE-2026-53216Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: limit XDP frame size to the RX buffer mvpp2 has short and long BM pools, and short pool buffers can be smaller than PAGE_SIZE. The XDP path nevertheless initializes every xdp_buff with PAGE_SIZE as

  • CVE-2026-53153Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: mm/list_lru: drain before clearing xarray entry on reparent memcg_reparent_list_lrus() clears the dying memcg's xarray entry with xas_store(&xas, NULL) before reparenting its per-node lists into the parent. Th

  • CVE-2026-53218Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_exthdr: fix register tracking for F_PRESENT flag nft_exthdr_init() passes user-controlled priv->len to nft_parse_register_store(), which marks that many bytes in the register bitmap as initialize

  • CVE-2026-53136Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Clamp VBIOS HDMI retimer register count to array size [Why & How] The VBIOS integrated info tables (v1_11 and v2_1) contain HdmiRegNum and Hdmi6GRegNum fields that are used as loop bounds when

  • CVE-2026-53146Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Limit XDomain response copy to actual frame size tb_xdomain_copy() copies req->response_size bytes from the received packet buffer regardless of the actual frame size. When a short response arrive

  • CVE-2026-53195Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: USB: serial: io_ti: fix heap overflow in build_i2c_fw_hdr() build_i2c_fw_hdr() allocates a fixed-size buffer of (16*1024 - 512) + sizeof(struct ti_i2c_firmware_rec) bytes, then copies le16_to_cpu(img_header->Le

  • CVE-2026-53154Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: restore reservation on error in hugetlb folio copy paths Two sites in mm/hugetlb.c allocate a hugetlb folio via alloc_hugetlb_folio() (consuming a VMA reservation) and then call copy_user_large_foli

  • CVE-2026-53223Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: net: guard timestamp cmsgs to real error queue skbs skb_is_err_queue() treats PACKET_OUTGOING as the sole marker for an skb from sk_error_queue. That assumption is not true for AF_PACKET sockets: outgoing packe

  • CVE-2026-53132Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential unbounded skb queue virtio_transport_inc_rx_pkt() checks vvs->rx_bytes + len > vvs->buf_alloc. virtio_transport_recv_enqueue() skips coalescing for packets with VIRTIO_VSOCK_SEQ_EOM

  • CVE-2026-53210Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: tee: shm: fix shm leak in register_shm_helper() register_shm_helper() allocates shm before calling iov_iter_npages(). If iov_iter_npages() returns 0, the function jumps to err_ctx_put and leaks shm. This can b

  • CVE-2026-53247Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: Fix use-after-free in metadata dst teardown mtk_free_dev() calls metadata_dst_free() which frees the metadata_dst with kfree() immediately, bypassing the RCU grace period. In the RX

  • CVE-2026-53168Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: fuse: reject fuse_notify() pagecache ops on directories The operations FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE allow the FUSE daemon to actively write/read pagecache contents. For directories with FOPEN_CAC

Page 1 of 6