apk package
chainguard/linux-gcp-6.18-bootc-boot-installed
pkg:apk/chainguard/linux-gcp-6.18-bootc-boot-installed
Vulnerabilities (107)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-53149 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Bound root directory content to block size __tb_property_parse_dir() does not check that content_offset + content_len fits within block_len for the root directory case. When rootdir->length equals | ||
| CVE-2026-53251 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not releasing hdev reference on iso_conn_big_sync hci_get_route() returns a reference-counted hci_dev pointer via hci_dev_hold(). The function exits normally or with an error without ever re | ||
| CVE-2026-53145 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix change_handle ioctl, attempt 4 [airlied: just added some comments on how to reenable] On-list because the cat is out of the bag and we're clearly not good enough to figure this out in privat | ||
| CVE-2026-53175 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: inet: frags: fix use-after-free caused by the fqdir_pre_exit() flush On netns teardown, fqdir_pre_exit() walks the fqdir rhashtable and flushes every fragment queue that is not yet complete using inet_frag_queu | ||
| CVE-2026-53277 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation walk_s1() and kvm_walk_nested_s2() expect to be called while holding kvm->srcu to guard against memslot changes. While thi | ||
| CVE-2026-53181 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: fix sk_ack_backlog leak on failed handshake When vmci_transport_recv_connecting_server() returns an error, vmci_transport_recv_listen() calls vsock_remove_pending() but never calls sk_acceptq_remove | ||
| CVE-2026-53150 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Reject zero-length property entries in validator tb_property_entry_valid() accepts entries with length == 0 for DIRECTORY, DATA, and TEXT types. A zero-length TEXT entry passes validation but caus | ||
| CVE-2026-53249 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options This patch restricts setting Loose Source and Record Route (LSRR) and Strict Source and Record Route (SSRR) IP options to users with CAP_NET_RAW capability. Thi | ||
| CVE-2026-53272 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: erofs: fix use-after-free on sbi->sync_decompress z_erofs_decompress_kickoff() can race with filesystem unmount, causing a use-after-free on sbi->sync_decompress. When I/O completes, z_erofs_endio() calls z_er | ||
| CVE-2026-53162 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: memcg: use round-robin victim selection in refill_stock Harry Yoo reported that get_random_u32_below() is not safe to call in the nmi context and memcg charge draining can happen in nmi context. More specifica | ||
| CVE-2026-53151 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix the ACK parser to extract the SACK table for parsing Fix modification of the received skbuff in rxrpc_input_soft_acks() and a potential incorrect access of the buffer in a fragmented UDP packet (the | ||
| CVE-2026-53166 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock When FUTEX_CMP_REQUEUE_PI requeues a non-top waiter that already owns the target PI futex, task_blocks_on_rt_mutex() returns - | ||
| CVE-2026-53255 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate advertising TLV before type checks tlv_data_is_valid() reads each advertising data field length from data[i], then inspects data[i + 1] for managed EIR types before checking that the c | ||
| CVE-2026-53237 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: gpio: mvebu: fix NULL pointer dereference in suspend/resume mvebu_pwm_suspend() and mvebu_pwm_resume() are called for all GPIO banks during suspend/resume, but not all banks have PWM functionality. GPIO banks w | ||
| CVE-2026-53160 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free race in fastrpc_map_create fastrpc_map_lookup returns a raw pointer after releasing fl->lock. The caller fastrpc_map_create then calls fastrpc_map_get (kref_get_unless_zero) on | ||
| CVE-2026-53241 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: dummy: fix UMP event stack overread The dummy sequencer port forwards events by copying an incoming struct snd_seq_event into a stack temporary, rewriting source and destination, and dispatching the | ||
| CVE-2026-53144 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix NULL dereference in get_queue_ids() When usr_queue_id_array is NULL and num_queues is non-zero, get_queue_ids() returns NULL. The callers check only IS_ERR() on the return value; since IS_ERR(NU | ||
| CVE-2026-53164 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: iommu/dma: Do not try to iommu_map a 0 length region in swiotlb iommu_dma_iova_link_swiotlb() processes a mapping that is unaligned in three parts, the head, middle and trailer. If the middle is empty because t | ||
| CVE-2026-53189 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: update file PMD counter before folio_put() __split_huge_pmd_locked() updates the file/shmem RSS counter after dropping the PMD mapping's folio reference. If folio_put() drops the last reference | ||
| CVE-2026-53199 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: use kmap_local_page in netvsc_copy_to_send_buf netvsc_copy_to_send_buf() copies page buffer entries into the VMBus send buffer using phys_to_virt() on the entry PFN. Entries for the RNDIS header and |
- CVE-2026-53149Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Bound root directory content to block size __tb_property_parse_dir() does not check that content_offset + content_len fits within block_len for the root directory case. When rootdir->length equals
- CVE-2026-53251Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not releasing hdev reference on iso_conn_big_sync hci_get_route() returns a reference-counted hci_dev pointer via hci_dev_hold(). The function exits normally or with an error without ever re
- CVE-2026-53145Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix change_handle ioctl, attempt 4 [airlied: just added some comments on how to reenable] On-list because the cat is out of the bag and we're clearly not good enough to figure this out in privat
- CVE-2026-53175Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: inet: frags: fix use-after-free caused by the fqdir_pre_exit() flush On netns teardown, fqdir_pre_exit() walks the fqdir rhashtable and flushes every fragment queue that is not yet complete using inet_frag_queu
- CVE-2026-53277Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation walk_s1() and kvm_walk_nested_s2() expect to be called while holding kvm->srcu to guard against memslot changes. While thi
- CVE-2026-53181Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: fix sk_ack_backlog leak on failed handshake When vmci_transport_recv_connecting_server() returns an error, vmci_transport_recv_listen() calls vsock_remove_pending() but never calls sk_acceptq_remove
- CVE-2026-53150Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Reject zero-length property entries in validator tb_property_entry_valid() accepts entries with length == 0 for DIRECTORY, DATA, and TEXT types. A zero-length TEXT entry passes validation but caus
- CVE-2026-53249Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options This patch restricts setting Loose Source and Record Route (LSRR) and Strict Source and Record Route (SSRR) IP options to users with CAP_NET_RAW capability. Thi
- CVE-2026-53272Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: erofs: fix use-after-free on sbi->sync_decompress z_erofs_decompress_kickoff() can race with filesystem unmount, causing a use-after-free on sbi->sync_decompress. When I/O completes, z_erofs_endio() calls z_er
- CVE-2026-53162Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: memcg: use round-robin victim selection in refill_stock Harry Yoo reported that get_random_u32_below() is not safe to call in the nmi context and memcg charge draining can happen in nmi context. More specifica
- CVE-2026-53151Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix the ACK parser to extract the SACK table for parsing Fix modification of the received skbuff in rxrpc_input_soft_acks() and a potential incorrect access of the buffer in a fragmented UDP packet (the
- CVE-2026-53166Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock When FUTEX_CMP_REQUEUE_PI requeues a non-top waiter that already owns the target PI futex, task_blocks_on_rt_mutex() returns -
- CVE-2026-53255Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate advertising TLV before type checks tlv_data_is_valid() reads each advertising data field length from data[i], then inspects data[i + 1] for managed EIR types before checking that the c
- CVE-2026-53237Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: gpio: mvebu: fix NULL pointer dereference in suspend/resume mvebu_pwm_suspend() and mvebu_pwm_resume() are called for all GPIO banks during suspend/resume, but not all banks have PWM functionality. GPIO banks w
- CVE-2026-53160Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free race in fastrpc_map_create fastrpc_map_lookup returns a raw pointer after releasing fl->lock. The caller fastrpc_map_create then calls fastrpc_map_get (kref_get_unless_zero) on
- CVE-2026-53241Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: dummy: fix UMP event stack overread The dummy sequencer port forwards events by copying an incoming struct snd_seq_event into a stack temporary, rewriting source and destination, and dispatching the
- CVE-2026-53144Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix NULL dereference in get_queue_ids() When usr_queue_id_array is NULL and num_queues is non-zero, get_queue_ids() returns NULL. The callers check only IS_ERR() on the return value; since IS_ERR(NU
- CVE-2026-53164Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: iommu/dma: Do not try to iommu_map a 0 length region in swiotlb iommu_dma_iova_link_swiotlb() processes a mapping that is unaligned in three parts, the head, middle and trailer. If the middle is empty because t
- CVE-2026-53189Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: update file PMD counter before folio_put() __split_huge_pmd_locked() updates the file/shmem RSS counter after dropping the PMD mapping's folio reference. If folio_put() drops the last reference
- CVE-2026-53199Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: use kmap_local_page in netvsc_copy_to_send_buf netvsc_copy_to_send_buf() copies page buffer entries into the VMBus send buffer using phys_to_virt() on the entry PFN. Entries for the RNDIS header and
Page 2 of 6