apk package
chainguard/linux-gcp-6.18-bootc-boot-installed
pkg:apk/chainguard/linux-gcp-6.18-bootc-boot-installed
Vulnerabilities (107)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-53205 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add bounds checks for firmware log indices Add validation that read and write indices in the firmware log buffer are within valid bounds (< data_size) before using them. If out-of-bounds indices are | ||
| CVE-2026-53226 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: gpio: rockchip: fix generic IRQ chip leak on remove The driver allocates domain generic chips using irq_alloc_domain_generic_chips() during probe. However, on driver remove/teardown, the generic chips are not a | ||
| CVE-2026-53192 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Fix UAF at snd_timer_user_params() At releasing a timer object, e.g. when a userspace timer (CONFIG_SND_UTIMER) gets closed and snd_timer_free() is called, it tries to detach the timer instances an | ||
| CVE-2026-53214 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix a potential NPD in cleanup_prefix_route() addrconf_get_prefix_route() can return the fib6_null_entry sentinel entry which has a NULL fib6_table pointer. Therefore, before setting the route's expiratio | ||
| CVE-2026-53197 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix ABBA deadlock in iptfs_destroy_state() iptfs_destroy_state() calls hrtimer_cancel() while holding a spinlock that the timer callback also acquires, leading to an ABBA deadlock on SMP systems. | ||
| CVE-2026-53147 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tb_xdp_handle_request() casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for | ||
| CVE-2026-53202 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix signed integer truncation in IPC receive Fix potential buffer overflow where firmware-supplied data_size is cast to signed int before being used in min_t(). Large unsigned values (>= 0x80000000) | ||
| CVE-2026-53275 | mod | 7.0 | < 6.18.38-r0 | 6.18.38-r0 | Jun 25, 2026 | kernel: ipv6: mcast: Fix use-after-free when processing MLD queries | |
| CVE-2026-53274 | low | 5.5 | < 6.18.38-r0 | 6.18.38-r0 | Jun 25, 2026 | kernel: net/smc: fix sleep-inside-lock in __smc_setsockopt() causing local DoS | |
| CVE-2026-53273 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 25, 2026 | kernel: tee: optee: prevent use-after-free when the client exits before the supplicant | ||
| CVE-2026-53270 | mod | 7.0 | < 6.18.38-r0 | 6.18.38-r0 | Jun 25, 2026 | kernel: ipvs: clear the svc scheduler ptr early on edit | |
| CVE-2026-53267 | imp | 7.0 | < 6.18.38-r0 | 6.18.38-r0 | Jun 25, 2026 | kernel: netfilter: nft_ct: bail out on template ct in get eval | |
| CVE-2026-53264 | mod | 7.0 | < 6.18.38-r0 | 6.18.38-r0 | Jun 25, 2026 | kernel: net/sched: act_api: use RCU with deferred freeing for action lifecycle | |
| CVE-2026-53259 | mod | 7.0 | < 6.18.38-r0 | 6.18.38-r0 | Jun 25, 2026 | kernel: ipv6: anycast: insert aca into global hash under idev->lock | |
| CVE-2026-53256 | mod | 7.0 | < 6.18.38-r0 | 6.18.38-r0 | Jun 25, 2026 | kernel: Bluetooth: RFCOMM: hold listener socket in rfcomm_connect_ind() | |
| CVE-2026-53248 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 25, 2026 | kernel: net: airoha: Fix use-after-free in metadata dst teardown | ||
| CVE-2026-53234 | — | < 6.18.38-r0 | 6.18.38-r0 | Jun 25, 2026 | kernel: net: ibm: emac: Fix use-after-free during device removal | ||
| CVE-2026-53230 | mod | 7.0 | < 6.18.38-r0 | 6.18.38-r0 | Jun 25, 2026 | kernel: net/mlx5: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list | |
| CVE-2026-53229 | mod | 5.5 | < 6.18.38-r0 | 6.18.38-r0 | Jun 25, 2026 | kernel: net/mlx5e: xsk: Fix DMA and xdp_frame leak on XDP_TX xmit failure | |
| CVE-2026-53228 | mod | 7.0 | < 6.18.38-r0 | 6.18.38-r0 | Jun 25, 2026 | kernel: ipv6: sit: reload inner IPv6 header after GSO offloads |
- CVE-2026-53205Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add bounds checks for firmware log indices Add validation that read and write indices in the firmware log buffer are within valid bounds (< data_size) before using them. If out-of-bounds indices are
- CVE-2026-53226Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: gpio: rockchip: fix generic IRQ chip leak on remove The driver allocates domain generic chips using irq_alloc_domain_generic_chips() during probe. However, on driver remove/teardown, the generic chips are not a
- CVE-2026-53192Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Fix UAF at snd_timer_user_params() At releasing a timer object, e.g. when a userspace timer (CONFIG_SND_UTIMER) gets closed and snd_timer_free() is called, it tries to detach the timer instances an
- CVE-2026-53214Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix a potential NPD in cleanup_prefix_route() addrconf_get_prefix_route() can return the fib6_null_entry sentinel entry which has a NULL fib6_table pointer. Therefore, before setting the route's expiratio
- CVE-2026-53197Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix ABBA deadlock in iptfs_destroy_state() iptfs_destroy_state() calls hrtimer_cancel() while holding a spinlock that the timer callback also acquires, leading to an ABBA deadlock on SMP systems.
- CVE-2026-53147Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tb_xdp_handle_request() casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for
- CVE-2026-53202Jun 26, 2026affected < 6.18.38-r0fixed 6.18.38-r0
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix signed integer truncation in IPC receive Fix potential buffer overflow where firmware-supplied data_size is cast to signed int before being used in min_t(). Large unsigned values (>= 0x80000000)
- affected < 6.18.38-r0fixed 6.18.38-r0
kernel: ipv6: mcast: Fix use-after-free when processing MLD queries
- affected < 6.18.38-r0fixed 6.18.38-r0
kernel: net/smc: fix sleep-inside-lock in __smc_setsockopt() causing local DoS
- CVE-2026-53273Jun 25, 2026affected < 6.18.38-r0fixed 6.18.38-r0
kernel: tee: optee: prevent use-after-free when the client exits before the supplicant
- affected < 6.18.38-r0fixed 6.18.38-r0
kernel: ipvs: clear the svc scheduler ptr early on edit
- affected < 6.18.38-r0fixed 6.18.38-r0
kernel: netfilter: nft_ct: bail out on template ct in get eval
- affected < 6.18.38-r0fixed 6.18.38-r0
kernel: net/sched: act_api: use RCU with deferred freeing for action lifecycle
- affected < 6.18.38-r0fixed 6.18.38-r0
kernel: ipv6: anycast: insert aca into global hash under idev->lock
- affected < 6.18.38-r0fixed 6.18.38-r0
kernel: Bluetooth: RFCOMM: hold listener socket in rfcomm_connect_ind()
- CVE-2026-53248Jun 25, 2026affected < 6.18.38-r0fixed 6.18.38-r0
kernel: net: airoha: Fix use-after-free in metadata dst teardown
- CVE-2026-53234Jun 25, 2026affected < 6.18.38-r0fixed 6.18.38-r0
kernel: net: ibm: emac: Fix use-after-free during device removal
- affected < 6.18.38-r0fixed 6.18.38-r0
kernel: net/mlx5: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list
- affected < 6.18.38-r0fixed 6.18.38-r0
kernel: net/mlx5e: xsk: Fix DMA and xdp_frame leak on XDP_TX xmit failure
- affected < 6.18.38-r0fixed 6.18.38-r0
kernel: ipv6: sit: reload inner IPv6 header after GSO offloads
Page 4 of 6