VYPR

apk package

chainguard/linux-gcp-6.18-bootc-boot-installed

pkg:apk/chainguard/linux-gcp-6.18-bootc-boot-installed

Vulnerabilities (107)

  • CVE-2026-53190Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix dma_fence refcount leak on error in virtio_gpu_dma_fence_wait() dma_fence_unwrap_for_each() internally calls dma_fence_unwrap_first() which does cursor->chain = dma_fence_get(head), taking an ex

  • CVE-2026-53236Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SO_ATTACH_FILTER to priv users This patch restricts the use of SO_ATTACH_FILTER (cBPF) on TCP sockets to users with CAP_NET_ADMIN capability. This blocks potential side-channel attack where an un

  • CVE-2026-53135Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL deref and buffer over-read in SDP debugfs [Why & How] dp_sdp_message_debugfs_write() dereferences connector->base.state->crtc without checking for NULL. A connector can be connected bu

  • CVE-2026-53258Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: wifi: fix leak if split 6 GHz scanning fails rdev->int_scan_req is leaked if cfg80211_scan() fails. Note that it's supposed to be released at ___cfg80211_scan_done() but this doesn't happen as rdev->scan_req i

  • CVE-2026-53207Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix hugetlb_lock AA deadlock in get_huge_page_for_hwpoison Two concurrent madvise(MADV_HWPOISON) calls on the same hugetlb page can trigger a recursive spinlock self-deadlock (AA deadlock) on

  • CVE-2026-53262Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: l2tp: pppol2tp: hold reference to session in pppol2tp_ioctl() pppol2tp_ioctl() read sock->sk->sk_user_data directly without any locks or reference counting. If a controllable sleep was induced during copy_from

  • CVE-2026-53235Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: net: add pskb_may_pull() to skb_gro_receive_list() skb_gro_receive_list() calls skb_pull(skb, skb_gro_offset(skb)) without first ensuring the data is in the linear area via pskb_may_pull(). When the skb arrives

  • CVE-2026-53211Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_meta_bridge: fix stale stack leak via IIFHWADDR register NFT_META_BRI_IIFHWADDR declares its destination register with len = ETH_ALEN (6 bytes), which the register-init tracking rounds up to two

  • CVE-2026-53142Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: drm/xe/display: fix oops in suspend/shutdown without display The xe driver keeps track of whether to probe display, and whether display hardware is there, using xe->info.probe_display. It gets set to false if t

  • CVE-2026-53183Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: mptcp: allow subflow rcv wnd to shrink In MPTCP connection, the `window` field in the TCP header refers to the MPTCP-level rcv_nxt and it's right edge should not move backward. Such constraint is enforced at DS

  • CVE-2026-53252Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix memory leak in error path of hci_alloc_dev() Early failures in Bluetooth HCI UART configuration leak SRCU percpu memory. When device initialization fails before hci_register_dev() completes, the

  • CVE-2026-53141Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix global performance monitor reference counting In the SET_GLOBAL ioctl, v3d_perfmon_find() bumps the reference count on the perfmon it returns, but v3d_perfmon_set_global_ioctl() and v3d_perfmon_del

  • CVE-2026-53217Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: sync RX data at the hardware packet offset mvpp2 programs the RX queue packet offset, so hardware writes received data at dma_addr + MVPP2_SKB_HEADROOM. The current CPU sync starts at dma_addr and o

  • CVE-2026-53263Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: 6lowpan: fix off-by-one in multicast context address compression The second memcpy in lowpan_iphc_mcast_ctx_addr_compress() uses &data[1] as destination and &ipaddr->s6_addr[11] as source, but both should be of

  • CVE-2026-53138Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Bound VBIOS record-chain walk loops [Why & How] All record-chain walk loops in bios_parser.c and bios_parser2.c use for(;;) and only terminate on a 0xFF record_type sentinel or zero record_size

  • CVE-2026-53269Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: add mutex to guard hook reference counting As the synproxy infrastructure register netfilter hooks on-demand when a user adds the first iptables target or nftables expression, if done concu

  • CVE-2026-53180Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: timers/migration: Fix livelock in tmigr_handle_remote_up() tmigr_handle_remote_cpu() skips timer_expire_remote() when cpu == smp_processor_id(), assuming the local softirq path already handled this CPU's timers

  • CVE-2026-53233Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: netdev: fix double-free in netdev_nl_bind_rx_doit() Sashiko flags that genlmsg_reply() always consumes the skb. The error path calls nlmsg_free(rsp) so we can't jump directly to it. Let's not unbind, just propa

  • CVE-2026-53271Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix NULL-deref of opinfo->conn in oplock/lease break notifiers smb2_oplock_break_noti() and smb2_lease_break_noti() read opinfo->conn into a local with neither READ_ONCE() nor a NULL check. Both run fro

  • CVE-2026-53246Jun 26, 2026
    affected < 6.18.38-r0fixed 6.18.38-r0

    In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT chunk length in COOKIE_ECHO processing When a listening SCTP server processes a COOKIE_ECHO chunk, the cached peer INIT chunk embedded after the cookie is parsed and its paramete

Page 3 of 6