VYPR

apk package

chainguard/linux-gcp-6.18-bootc-boot-installed

pkg:apk/chainguard/linux-gcp-6.18-bootc-boot-installed

Vulnerabilities (107)

  • CVE-2026-53149Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Bound root directory content to block size __tb_property_parse_dir() does not check that content_offset + content_len fits within block_len for the root directory case. When rootdir->length equals

  • CVE-2026-53251Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not releasing hdev reference on iso_conn_big_sync hci_get_route() returns a reference-counted hci_dev pointer via hci_dev_hold(). The function exits normally or with an error without ever re

  • CVE-2026-53145Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix change_handle ioctl, attempt 4 [airlied: just added some comments on how to reenable] On-list because the cat is out of the bag and we're clearly not good enough to figure this out in privat

  • CVE-2026-53175Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: inet: frags: fix use-after-free caused by the fqdir_pre_exit() flush On netns teardown, fqdir_pre_exit() walks the fqdir rhashtable and flushes every fragment queue that is not yet complete using inet_frag_queu

  • CVE-2026-53277Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation walk_s1() and kvm_walk_nested_s2() expect to be called while holding kvm->srcu to guard against memslot changes. While thi

  • CVE-2026-53181Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: fix sk_ack_backlog leak on failed handshake When vmci_transport_recv_connecting_server() returns an error, vmci_transport_recv_listen() calls vsock_remove_pending() but never calls sk_acceptq_remove

  • CVE-2026-53150Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Reject zero-length property entries in validator tb_property_entry_valid() accepts entries with length == 0 for DIRECTORY, DATA, and TEXT types. A zero-length TEXT entry passes validation but caus

  • CVE-2026-53249Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options This patch restricts setting Loose Source and Record Route (LSRR) and Strict Source and Record Route (SSRR) IP options to users with CAP_NET_RAW capability. Thi

  • CVE-2026-53272Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: erofs: fix use-after-free on sbi->sync_decompress z_erofs_decompress_kickoff() can race with filesystem unmount, causing a use-after-free on sbi->sync_decompress. When I/O completes, z_erofs_endio() calls z_er

  • CVE-2026-53162Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: memcg: use round-robin victim selection in refill_stock Harry Yoo reported that get_random_u32_below() is not safe to call in the nmi context and memcg charge draining can happen in nmi context. More specifica

  • CVE-2026-53151Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix the ACK parser to extract the SACK table for parsing Fix modification of the received skbuff in rxrpc_input_soft_acks() and a potential incorrect access of the buffer in a fragmented UDP packet (the

  • CVE-2026-53166Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock When FUTEX_CMP_REQUEUE_PI requeues a non-top waiter that already owns the target PI futex, task_blocks_on_rt_mutex() returns -

  • CVE-2026-53255Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate advertising TLV before type checks tlv_data_is_valid() reads each advertising data field length from data[i], then inspects data[i + 1] for managed EIR types before checking that the c

  • CVE-2026-53237Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: gpio: mvebu: fix NULL pointer dereference in suspend/resume mvebu_pwm_suspend() and mvebu_pwm_resume() are called for all GPIO banks during suspend/resume, but not all banks have PWM functionality. GPIO banks w

  • CVE-2026-53160Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free race in fastrpc_map_create fastrpc_map_lookup returns a raw pointer after releasing fl->lock. The caller fastrpc_map_create then calls fastrpc_map_get (kref_get_unless_zero) on

  • CVE-2026-53241Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: dummy: fix UMP event stack overread The dummy sequencer port forwards events by copying an incoming struct snd_seq_event into a stack temporary, rewriting source and destination, and dispatching the

  • CVE-2026-53144Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix NULL dereference in get_queue_ids() When usr_queue_id_array is NULL and num_queues is non-zero, get_queue_ids() returns NULL. The callers check only IS_ERR() on the return value; since IS_ERR(NU

  • CVE-2026-53164Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: iommu/dma: Do not try to iommu_map a 0 length region in swiotlb iommu_dma_iova_link_swiotlb() processes a mapping that is unaligned in three parts, the head, middle and trailer. If the middle is empty because t

  • CVE-2026-53189Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: update file PMD counter before folio_put() __split_huge_pmd_locked() updates the file/shmem RSS counter after dropping the PMD mapping's folio reference. If folio_put() drops the last reference

  • CVE-2026-53199Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: use kmap_local_page in netvsc_copy_to_send_buf netvsc_copy_to_send_buf() copies page buffer entries into the VMBus send buffer using phys_to_virt() on the entry PFN. Entries for the RNDIS header and

Page 2 of 6