apk package
chainguard/linux-qemu-generic-headers
pkg:apk/chainguard/linux-qemu-generic-headers
Vulnerabilities (13)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-39180 | — | < 0 | 0 | Nov 18, 2024 | A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authenticatio | ||
| CVE-2023-39179 | — | < 0 | 0 | Nov 18, 2024 | A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive i | ||
| CVE-2023-39176 | — | < 0 | 0 | Nov 18, 2024 | A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this | ||
| CVE-2023-4458 | — | < 0 | 0 | Nov 14, 2024 | A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive i | ||
| CVE-2024-38381 | Hig | 7.1 | < 0 | 0 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and | |
| CVE-2023-6270 | — | < 0 | 0 | Jan 4, 2024 | A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` glob | ||
| CVE-2024-0193 | Hig | 7.8 | < 6.16.6-r0 | 6.16.6-r0 | Jan 2, 2024 | A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, al | |
| CVE-2023-7042 | — | < 6.16.6-r0 | 6.16.6-r0 | Dec 21, 2023 | A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service. | ||
| CVE-2023-3079 | — | KEV | < 0 | 0 | Jun 5, 2023 | Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2021-3669 | — | < 0 | 0 | Aug 26, 2022 | A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. | ||
| CVE-2020-25672 | — | < 0 | 0 | May 25, 2021 | A memory leak vulnerability was found in Linux kernel in llcp_sock_connect | ||
| CVE-2007-4998 | — | < 0 | 0 | Jan 31, 2008 | cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination. | ||
| CVE-1999-0656 | — | < 0 | 0 | Jan 1, 1999 | The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names. |
- CVE-2023-39180Nov 18, 2024affected < 0fixed 0
A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authenticatio
- CVE-2023-39179Nov 18, 2024affected < 0fixed 0
A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive i
- CVE-2023-39176Nov 18, 2024affected < 0fixed 0
A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this
- CVE-2023-4458Nov 14, 2024affected < 0fixed 0
A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive i
- affected < 0fixed 0
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and
- CVE-2023-6270Jan 4, 2024affected < 0fixed 0
A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` glob
- affected < 6.16.6-r0fixed 6.16.6-r0
A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, al
- CVE-2023-7042Dec 21, 2023affected < 6.16.6-r0fixed 6.16.6-r0
A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service.
- affected < 0fixed 0
Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2021-3669Aug 26, 2022affected < 0fixed 0
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.
- CVE-2020-25672May 25, 2021affected < 0fixed 0
A memory leak vulnerability was found in Linux kernel in llcp_sock_connect
- CVE-2007-4998Jan 31, 2008affected < 0fixed 0
cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.
- CVE-1999-0656Jan 1, 1999affected < 0fixed 0
The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names.