VYPR

apk package

chainguard/linux-qemu-melange

pkg:apk/chainguard/linux-qemu-melange

Vulnerabilities (102)

  • CVE-2026-46203HigMay 28, 2026
    affected < 6.18.36-r0fixed 6.18.36-r0

    In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: fix unclocked access on unbind Make sure that the controller is runtime resumed before disabling it during driver unbind to avoid an unclocked register access. This issue was flagged by S

  • CVE-2026-46017MedMay 27, 2026
    affected < 0fixed 0

    In the Linux kernel, the following vulnerability has been resolved: mm: fix deferred split queue races during migration migrate_folio_move() records the deferred split queue state from src and replays it on dst. Replaying it after remove_migration_ptes(src, dst, 0) makes dst v

  • CVE-2026-46300HigMay 23, 2026
    affected < 6.18.34-r0fixed 6.18.34-r0

    In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same externally

  • CVE-2026-43500HigMay 11, 2026
    affected < 6.18.31-r0fixed 6.18.31-r0

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in rxrpc_verify_response() copy the skb to a linear one before

  • CVE-2026-43284HigMay 8, 2026
    affected < 6.18.28-r0fixed 6.18.28-r0

    In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths th

  • CVE-2026-43228MedMay 6, 2026
    affected < 6.18.28-r0fixed 6.18.28-r0

    In the Linux kernel, the following vulnerability has been resolved: hfs: Replace BUG_ON with error handling for CNID count checks In a06ec283e125 next_id, folder_count, and file_count in the super block info were expanded to 64 bits, and BUG_ONs were added to detect overflow. T

  • CVE-2026-43204MedMay 6, 2026
    affected < 0fixed 0

    In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6asm: drop DSP responses for closed data streams 'Commit a354f030dbce ("ASoC: qcom: q6asm: handle the responses after closing")' attempted to ignore DSP responses arriving after a stream had been c

  • CVE-2026-43131MedMay 6, 2026
    affected < 6.18.28-r0fixed 6.18.28-r0

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix null pointer dereference issue If SMU is disabled, during RAS initialization, there will be null pointer dereference issue here.

  • CVE-2025-71289MedMay 6, 2026
    affected < 6.18.34-r0fixed 6.18.34-r0

    In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle attr_set_size() errors when truncating files If attr_set_size() fails while truncating down, the error is silently ignored and the inode may be left in an inconsistent state.

  • CVE-2026-43115MedMay 6, 2026
    affected < 6.18.28-r0fixed 6.18.28-r0

    In the Linux kernel, the following vulnerability has been resolved: srcu: Use irq_work to start GP in tiny SRCU Tiny SRCU's srcu_gp_start_if_needed() directly calls schedule_work(), which acquires the workqueue pool->lock. This causes a lockdep splat when call_srcu() is called

  • CVE-2026-43045MedMay 1, 2026
    affected < 6.18.28-r0fixed 6.18.28-r0

    In the Linux kernel, the following vulnerability has been resolved: mshv: Fix error handling in mshv_region_pin The current error handling has two issues: First, pin_user_pages_fast() can return a short pin count (less than requested but greater than zero) when it cannot pin a

  • CVE-2026-43042HigMay 1, 2026
    affected < 6.18.28-r0fixed 6.18.28-r0

    In the Linux kernel, the following vulnerability has been resolved: mpls: add seqcount to protect the platform_label{,s} pair The RCU-protected codepaths (mpls_forward, mpls_dump_routes) can have an inconsistent view of platform_labels vs platform_label in case of a concurrent

  • CVE-2026-43022MedMay 1, 2026
    affected < 6.18.28-r0fixed 6.18.28-r0

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists hci_cmd_sync_queue_once() needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid le

  • CVE-2026-31777MedMay 1, 2026
    affected < 6.18.34-r0fixed 6.18.34-r0

    In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Check the error for index mapping The ctxfi driver blindly assumed a proper value returned from daio_device_index(), but it's not always true. Add a proper error check to deal with the error from

  • CVE-2026-31709HigMay 1, 2026
    affected < 6.18.34-r0fixed 6.18.34-r0

    In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl build_sec_desc() and id_mode_to_cifs_acl() derive a DACL pointer from a server-supplied dacloffset and then use the incoming ACL to rebuild th

  • CVE-2026-31688HigApr 27, 2026
    affected < 6.18.11-r0fixed 6.18.11-r0

    In the Linux kernel, the following vulnerability has been resolved: driver core: enforce device_lock for driver_match_device() Currently, driver_match_device() is called from three sites. One site (__device_attach_driver) holds device_lock(dev), but the other two (bind_store an

  • CVE-2026-31589CriApr 24, 2026
    affected < 0fixed 0

    In the Linux kernel, the following vulnerability has been resolved: mm: call ->free_folio() directly in folio_unmap_invalidate() We can only call filemap_free_folio() if we have a reference to (or hold a lock on) the mapping. Otherwise, we've already removed the folio from the

  • CVE-2026-31574MedApr 24, 2026
    affected < 6.18.25-r0fixed 6.18.25-r0

    In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the next_event_forced flag The prevention mechanism against timer interrupt starvation missed to reset the next_event_forced flag in a couple of places: - When the clock

  • CVE-2026-31420MedApr 13, 2026
    affected < 6.18.34-r0fixed 6.18.34-r0

    In the Linux kernel, the following vulnerability has been resolved: bridge: mrp: reject zero test interval to avoid OOM panic br_mrp_start_test() and br_mrp_start_in_test() accept the user-supplied interval value from netlink without validation. When interval is 0, usecs_to_jif

  • CVE-2026-23442MedApr 3, 2026
    affected < 0fixed 0

    In the Linux kernel, the following vulnerability has been resolved: ipv6: add NULL checks for idev in SRv6 paths __in6_dev_get() can return NULL when the device has no IPv6 configuration (e.g. MTU < IPV6_MIN_MTU or after NETDEV_UNREGISTER). Add NULL checks for idev returned by

Page 1 of 6