VYPR

apk package

chainguard/linux-qemu-melange

pkg:apk/chainguard/linux-qemu-melange

Vulnerabilities (102)

  • CVE-2025-71074Jan 13, 2026
    affected < 6.18.21-r0fixed 6.18.21-r0

    In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffs_epfile_open() can race with removal, ending up with file->private_data pointing to freed object. There is a total count of opened files on functionfs (both ep0 and dy

  • CVE-2023-39180Nov 18, 2024
    affected < 0fixed 0

    A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authenticatio

  • CVE-2023-39179Nov 18, 2024
    affected < 0fixed 0

    A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive i

  • CVE-2023-39176Nov 18, 2024
    affected < 0fixed 0

    A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this

  • CVE-2023-52904Aug 21, 2024
    affected < 0fixed 0

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() The subs function argument may be NULL, so do not use it before the NULL check.

  • CVE-2023-6535Feb 7, 2024
    affected < 6.18.16-r0fixed 6.18.16-r0

    A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial

  • CVE-2023-6240Feb 4, 2024
    affected < 6.18.16-r0fixed 6.18.16-r0

    A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.

  • CVE-2023-6679Dec 11, 2023
    affected < 0fixed 0

    A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service.

  • CVE-2023-6610Dec 8, 2023
    affected < 0fixed 0

    An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.

  • CVE-2023-6238Nov 21, 2023
    affected < 0fixed 0

    A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing r

  • CVE-2023-6176Nov 16, 2023
    affected < 0fixed 0

    A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escal

  • CVE-2023-3397Nov 1, 2023
    affected < 0fixed 0

    A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information.

  • CVE-2023-4155Sep 13, 2023
    affected < 0fixed 0

    A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the

  • CVE-2023-4010Jul 31, 2023
    affected < 0fixed 0

    A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific

  • CVE-2023-3773Jul 25, 2023
    affected < 0fixed 0

    A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential lea

  • CVE-2023-3772Jul 25, 2023
    affected < 0fixed 0

    A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of s

  • CVE-2023-3640Jul 24, 2023
    affected < 0fixed 0

    A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' fe

  • CVE-2023-2898May 26, 2023
    affected < 0fixed 0

    There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem.

  • CVE-2023-1076Mar 27, 2023
    affected < 0fixed 0

    A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user o

  • CVE-2023-1075Mar 27, 2023
    affected < 0fixed 0

    A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready.

Page 2 of 6