VYPR

apk package

chainguard/linux-qemu-6.18-bootc-boot-installed

pkg:apk/chainguard/linux-qemu-6.18-bootc-boot-installed

Vulnerabilities (85)

  • CVE-2026-31592MedApr 24, 2026
    affected < 6.18.31-r0fixed 6.18.31-r0

    In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock Take and hold kvm->lock for before checking sev_guest() in sev_mem_enc_register_region(), as sev_guest() isn't stable unless kvm->lock is

  • CVE-2026-31591MedApr 24, 2026
    affected < 6.18.31-r0fixed 6.18.31-r0

    In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish Lock all vCPUs when synchronizing and encrypting VMSAs for SNP guests, as allowing userspace to manipulate and/or run a vCPU while its stat

  • CVE-2026-31590MedApr 24, 2026
    affected < 6.18.31-r0fixed 6.18.31-r0

    In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION Drop the WARN in sev_pin_memory() on npages overflowing an int, as the WARN is comically trivially to trigger from userspace, e.g. by doing:

  • CVE-2026-31588HigApr 24, 2026
    affected < 6.18.31-r0fixed 6.18.31-r0

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Use scratch field in MMIO fragment to hold small write values When exiting to userspace to service an emulated MMIO write, copy the to-be-written value to a scratch field in the MMIO fragment if the s

  • CVE-2026-31587HigApr 24, 2026
    affected < 6.18.31-r0fixed 6.18.31-r0

    In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6apm: move component registration to unmanaged version q6apm component registers dais dynamically from ASoC toplology, which are allocated using device managed version apis. Allocating both compone

  • CVE-2026-31586HigApr 24, 2026
    affected < 6.18.31-r0fixed 6.18.31-r0

    In the Linux kernel, the following vulnerability has been resolved: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn() cgwb_release_workfn() calls css_put(wb->blkcg_css) and then later accesses wb->blkcg_css again via blkcg_unpin_online(). If css_put() drops the last

  • CVE-2026-31585MedApr 24, 2026
    affected < 6.18.31-r0fixed 6.18.31-r0

    In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix nfeeds state corruption on start_streaming failure syzbot reported a memory leak in vidtv_psi_service_desc_init [1]. When vidtv_start_streaming() fails inside vidtv_start_feed(), the nfeeds c

  • CVE-2026-31584HigApr 24, 2026
    affected < 6.18.31-r0fixed 6.18.31-r0

    In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: fix use-after-free in encoder release path The fops_vcodec_release() function frees the context structure (ctx) without first cancelling any pending or running work in ctx->encode_work.

  • CVE-2026-31583HigApr 24, 2026
    affected < 6.18.31-r0fixed 6.18.31-r0

    In the Linux kernel, the following vulnerability has been resolved: media: em28xx: fix use-after-free in em28xx_v4l2_open() em28xx_v4l2_open() reads dev->v4l2 without holding dev->lock, creating a race with em28xx_v4l2_init()'s error path and em28xx_v4l2_fini(), both of which f

  • CVE-2026-31582HigApr 24, 2026
    affected < 6.18.31-r0fixed 6.18.31-r0

    In the Linux kernel, the following vulnerability has been resolved: hwmon: (powerz) Fix use-after-free on USB disconnect After powerz_disconnect() frees the URB and releases the mutex, a subsequent powerz_read() call can acquire the mutex and call powerz_read_data(), which dere

  • CVE-2026-31581HigApr 24, 2026
    affected < 6.18.31-r0fixed 6.18.31-r0

    In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: fix use-after-free on disconnect In usb6fire_chip_abort(), the chip struct is allocated as the card's private data (via snd_card_new with sizeof(struct sfire_chip)). When snd_card_free_when_closed

  • CVE-2026-31580HigApr 24, 2026
    affected < 6.18.31-r0fixed 6.18.31-r0

    In the Linux kernel, the following vulnerability has been resolved: bcache: fix cached_dev.sb_bio use-after-free and crash In our production environment, we have received multiple crash reports regarding libceph, which have caught our attention: ``` [6888366.280350] Call Trace

  • CVE-2026-31579MedApr 24, 2026
    affected < 6.18.31-r0fixed 6.18.31-r0

    In the Linux kernel, the following vulnerability has been resolved: wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit wg_netns_pre_exit() manually acquires rtnl_lock() inside the pernet .pre_exit callback. This causes a hung task when another th

  • CVE-2026-31578HigApr 24, 2026
    affected < 6.18.31-r0fixed 6.18.31-r0

    In the Linux kernel, the following vulnerability has been resolved: media: as102: fix to not free memory after the device is registered in as102_usb_probe() In as102_usb driver, the following race condition occurs: ``` CPU0 CPU1 as102_usb_probe() kzalloc(); // alloc as

  • CVE-2026-31577MedApr 24, 2026
    affected < 6.18.31-r0fixed 6.18.31-r0

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map The DAT inode's btree node cache (i_assoc_inode) is initialized lazily during btree operations. However, nilfs_mdt_save_to_shadow_map()

  • CVE-2026-31576HigApr 24, 2026
    affected < 6.18.31-r0fixed 6.18.31-r0

    In the Linux kernel, the following vulnerability has been resolved: media: hackrf: fix to not free memory after the device is registered in hackrf_probe() In hackrf driver, the following race condition occurs: ``` CPU0 CPU1 hackrf_probe() kzalloc(); // alloc hackrf_dev

  • CVE-2026-31575MedApr 24, 2026
    affected < 6.18.31-r0fixed 6.18.31-r0

    In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: fix hugetlb fault mutex hash calculation In mfill_atomic_hugetlb(), linear_page_index() is used to calculate the page index for hugetlb_fault_mutex_hash(). However, linear_page_index() returns

  • CVE-2026-31574MedApr 24, 2026
    affected < 6.18.24-r2fixed 6.18.24-r2

    In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the next_event_forced flag The prevention mechanism against timer interrupt starvation missed to reset the next_event_forced flag in a couple of places: - When the clock

  • CVE-2026-31532HigApr 23, 2026
    affected < 6.18.31-r0fixed 6.18.31-r0

    In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro->uniq use-after-free in raw_rcv() raw_release() unregisters raw CAN receive filters via can_rx_unregister(), but receiver deletion is deferred with call_rcu(). This leaves a window where raw_rc

  • CVE-2026-31531MedApr 23, 2026
    affected < 6.18.31-r0fixed 6.18.31-r0

    In the Linux kernel, the following vulnerability has been resolved: ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop() When querying a nexthop object via RTM_GETNEXTHOP, the kernel currently allocates a fixed-size skb using NLMSG_GOODSIZE. While sufficient for single

Page 4 of 5