VYPR

apk package

chainguard/linux-qemu-melange

pkg:apk/chainguard/linux-qemu-melange

Vulnerabilities (96)

  • CVE-2026-43500 | High | May 11, 2026
    affected < 6.18.31-r0 | fixed 6.18.31-r0

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
    The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in rxrpc_verify_response() copy the skb to a linear one before

  • CVE-2026-43284 | High | May 8, 2026
    affected < 6.18.28-r0 | fixed 6.18.28-r0

    In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags
    MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths th

  • CVE-2026-43228 | Medium | May 6, 2026
    affected < 6.18.28-r0 | fixed 6.18.28-r0

    In the Linux kernel, the following vulnerability has been resolved: hfs: Replace BUG_ON with error handling for CNID count checks
    In a06ec283e125 next_id, folder_count, and file_count in the super block info were expanded to 64 bits, and BUG_ONs were added to detect overflow. T

  • CVE-2026-43131 | Medium | May 6, 2026
    affected < 6.18.28-r0 | fixed 6.18.28-r0

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix null pointer dereference issue
    If SMU is disabled, during RAS initialization, there will be null pointer dereference issue here.

  • CVE-2026-43115 | Medium | May 6, 2026
    affected < 6.18.28-r0 | fixed 6.18.28-r0

    In the Linux kernel, the following vulnerability has been resolved: srcu: Use irq_work to start GP in tiny SRCU
    Tiny SRCU's srcu_gp_start_if_needed() directly calls schedule_work(), which acquires the workqueue pool->lock. This causes a lockdep splat when call_srcu() is called

  • CVE-2026-43045 | Medium | May 1, 2026
    affected < 6.18.28-r0 | fixed 6.18.28-r0

    In the Linux kernel, the following vulnerability has been resolved: mshv: Fix error handling in mshv_region_pin
    The current error handling has two issues: First, pin_user_pages_fast() can return a short pin count (less than requested but greater than zero) when it cannot pin a

  • CVE-2026-43042 | High | May 1, 2026
    affected < 6.18.28-r0 | fixed 6.18.28-r0

    In the Linux kernel, the following vulnerability has been resolved: mpls: add seqcount to protect the platform_label{,s} pair
    The RCU-protected codepaths (mpls_forward, mpls_dump_routes) can have an inconsistent view of platform_labels vs platform_label in case of a concurrent

  • CVE-2026-43022 | Medium | May 1, 2026
    affected < 6.18.28-r0 | fixed 6.18.28-r0

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists
    hci_cmd_sync_queue_once() needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid le

  • CVE-2026-31777 | Medium | May 1, 2026
    affected < 6.18.28-r0 | fixed 6.18.28-r0

    In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Check the error for index mapping
    The ctxfi driver blindly assumed a proper value returned from daio_device_index(), but it's not always true. Add a proper error check to deal with the error from

  • CVE-2026-31709 | High | May 1, 2026
    affected < 6.18.28-r0 | fixed 6.18.28-r0

    In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl
    build_sec_desc() and id_mode_to_cifs_acl() derive a DACL pointer from a server-supplied dacloffset and then use the incoming ACL to rebuild th

  • CVE-2026-31688 | High | Apr 27, 2026
    affected < 6.18.28-r0 | fixed 6.18.28-r0

    In the Linux kernel, the following vulnerability has been resolved: driver core: enforce device_lock for driver_match_device()
    Currently, driver_match_device() is called from three sites. One site (__device_attach_driver) holds device_lock(dev), but the other two (bind_store an

  • CVE-2026-31589 | Critical | Apr 24, 2026
    affected < 0 | fixed 0

    In the Linux kernel, the following vulnerability has been resolved: mm: call ->free_folio() directly in folio_unmap_invalidate()
    We can only call filemap_free_folio() if we have a reference to (or hold a lock on) the mapping. Otherwise, we've already removed the folio from the

  • CVE-2026-31574 | Medium | Apr 24, 2026
    affected < 6.18.25-r0 | fixed 6.18.25-r0

    In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the next_event_forced flag
    The prevention mechanism against timer interrupt starvation missed to reset the next_event_forced flag in a couple of places:
    - When the clock

  • CVE-2026-23442 | Medium | Apr 3, 2026
    affected < 0 | fixed 0

    In the Linux kernel, the following vulnerability has been resolved: ipv6: add NULL checks for idev in SRv6 paths
    __in6_dev_get() can return NULL when the device has no IPv6 configuration (e.g. MTU < IPV6_MIN_MTU or after NETDEV_UNREGISTER). Add NULL checks for idev returned by

  • CVE-2025-71074 | Jan 13, 2026
    affected < 6.18.21-r0 | fixed 6.18.21-r0

    In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races
    ffs_epfile_open() can race with removal, ending up with file->private_data pointing to freed object. There is a total count of opened files on functionfs (both ep0 and dy

  • CVE-2023-39180 | Nov 18, 2024
    affected < 0 | fixed 0

    A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authenticatio

  • CVE-2023-39179 | Nov 18, 2024
    affected < 0 | fixed 0

    A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive i

  • CVE-2023-39176 | Nov 18, 2024
    affected < 0 | fixed 0

    A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this

  • CVE-2023-52904 | Aug 21, 2024
    affected < 0 | fixed 0

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()
    The subs function argument may be NULL, so do not use it before the NULL check.

  • CVE-2023-6535 | Feb 7, 2024
    affected < 6.18.16-r0 | fixed 6.18.16-r0

    A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial
