apk package
chainguard/linux-qemu-rc
pkg:apk/chainguard/linux-qemu-rc
Vulnerabilities (118)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-31699 | Hig | 7.1 | < 7.1_rc3-r0 | 7.1_rc3-r0 | May 1, 2026 | In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving the PEK CSR, don't attempt to copy the blob to userspace if the firmware command failed. If the failure was due to an i | |
| CVE-2026-31698 | Hig | 7.1 | < 7.1_rc3-r0 | 7.1_rc3-r0 | May 1, 2026 | In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed When retrieving the PDH cert, don't attempt to copy the blobs to userspace if the firmware command failed. If the failure was due | |
| CVE-2026-31697 | Hig | 7.1 | < 7.1_rc3-r0 | 7.1_rc3-r0 | May 1, 2026 | In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed When retrieving the ID for the CPU, don't attempt to copy the ID blob to userspace if the firmware command failed. If the failure was du | |
| CVE-2026-31696 | Hig | 7.8 | < 7.1_rc3-r0 | 7.1_rc3-r0 | May 1, 2026 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing validation of ticket length in non-XDR key preparsing In rxrpc_preparse(), there are two paths for parsing key payloads: the XDR path (for large payloads) and the non-XDR path (for payloads < | |
| CVE-2026-31694 | Hig | 7.8 | < 7.1_rc3-r0 | 7.1_rc3-r0 | May 1, 2026 | In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuse_add_dirent_to_cache() computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The existi | |
| CVE-2026-31787 | Hig | 7.8 | < 7.1_rc3-r0 | 7.1_rc3-r0 | Apr 30, 2026 | In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix double free via VMA splitting privcmd_vm_ops defines .close (privcmd_close), but neither .may_split nor .open. When userspace does a partial munmap() on a privcmd mapping, the kernel splits the | |
| CVE-2026-31786 | Hig | 7.8 | < 7.1_rc3-r0 | 7.1_rc3-r0 | Apr 30, 2026 | In the Linux kernel, the following vulnerability has been resolved: Buffer overflow in drivers/xen/sys-hypervisor.c The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is neither NUL terminated nor a string. The first causes a buffer overflow as sprintf in buildid | |
| CVE-2026-31688 | Hig | 7.8 | < 7.1_rc3-r0 | 7.1_rc3-r0 | Apr 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: driver core: enforce device_lock for driver_match_device() Currently, driver_match_device() is called from three sites. One site (__device_attach_driver) holds device_lock(dev), but the other two (bind_store an | |
| CVE-2026-31574 | Med | 5.5 | < 7.0_rc5-r1 | 7.0_rc5-r1 | Apr 24, 2026 | In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the next_event_forced flag The prevention mechanism against timer interrupt starvation missed to reset the next_event_forced flag in a couple of places: - When the clock | |
| CVE-2023-39180 | — | < 0 | 0 | Nov 18, 2024 | A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authenticatio | ||
| CVE-2023-39179 | — | < 0 | 0 | Nov 18, 2024 | A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive i | ||
| CVE-2023-39176 | — | < 0 | 0 | Nov 18, 2024 | A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this | ||
| CVE-2023-4458 | — | < 6.17_rc1-r0 | 6.17_rc1-r0 | Nov 14, 2024 | A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive i | ||
| CVE-2023-52904 | — | < 0 | 0 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() The subs function argument may be NULL, so do not use it before the NULL check. | ||
| CVE-2023-6535 | — | < 0 | 0 | Feb 7, 2024 | A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial | ||
| CVE-2023-6240 | — | < 7.0_rc5-r1 | 7.0_rc5-r1 | Feb 4, 2024 | A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key. | ||
| CVE-2024-0193 | Hig | 7.8 | < 6.17_rc5-r0 | 6.17_rc5-r0 | Jan 2, 2024 | A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, al | |
| CVE-2023-7042 | — | < 6.17_rc5-r0 | 6.17_rc5-r0 | Dec 21, 2023 | A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service. | ||
| CVE-2023-6679 | — | < 0 | 0 | Dec 11, 2023 | A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service. | ||
| CVE-2023-6610 | — | < 0 | 0 | Dec 8, 2023 | An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. |
- affected < 7.1_rc3-r0fixed 7.1_rc3-r0
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving the PEK CSR, don't attempt to copy the blob to userspace if the firmware command failed. If the failure was due to an i
- affected < 7.1_rc3-r0fixed 7.1_rc3-r0
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed When retrieving the PDH cert, don't attempt to copy the blobs to userspace if the firmware command failed. If the failure was due
- affected < 7.1_rc3-r0fixed 7.1_rc3-r0
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed When retrieving the ID for the CPU, don't attempt to copy the ID blob to userspace if the firmware command failed. If the failure was du
- affected < 7.1_rc3-r0fixed 7.1_rc3-r0
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing validation of ticket length in non-XDR key preparsing In rxrpc_preparse(), there are two paths for parsing key payloads: the XDR path (for large payloads) and the non-XDR path (for payloads <
- affected < 7.1_rc3-r0fixed 7.1_rc3-r0
In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuse_add_dirent_to_cache() computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The existi
- affected < 7.1_rc3-r0fixed 7.1_rc3-r0
In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix double free via VMA splitting privcmd_vm_ops defines .close (privcmd_close), but neither .may_split nor .open. When userspace does a partial munmap() on a privcmd mapping, the kernel splits the
- affected < 7.1_rc3-r0fixed 7.1_rc3-r0
In the Linux kernel, the following vulnerability has been resolved: Buffer overflow in drivers/xen/sys-hypervisor.c The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is neither NUL terminated nor a string. The first causes a buffer overflow as sprintf in buildid
- affected < 7.1_rc3-r0fixed 7.1_rc3-r0
In the Linux kernel, the following vulnerability has been resolved: driver core: enforce device_lock for driver_match_device() Currently, driver_match_device() is called from three sites. One site (__device_attach_driver) holds device_lock(dev), but the other two (bind_store an
- affected < 7.0_rc5-r1fixed 7.0_rc5-r1
In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the next_event_forced flag The prevention mechanism against timer interrupt starvation missed to reset the next_event_forced flag in a couple of places: - When the clock
- CVE-2023-39180Nov 18, 2024affected < 0fixed 0
A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authenticatio
- CVE-2023-39179Nov 18, 2024affected < 0fixed 0
A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive i
- CVE-2023-39176Nov 18, 2024affected < 0fixed 0
A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this
- CVE-2023-4458Nov 14, 2024affected < 6.17_rc1-r0fixed 6.17_rc1-r0
A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive i
- CVE-2023-52904Aug 21, 2024affected < 0fixed 0
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() The subs function argument may be NULL, so do not use it before the NULL check.
- CVE-2023-6535Feb 7, 2024affected < 0fixed 0
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial
- CVE-2023-6240Feb 4, 2024affected < 7.0_rc5-r1fixed 7.0_rc5-r1
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.
- affected < 6.17_rc5-r0fixed 6.17_rc5-r0
A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, al
- CVE-2023-7042Dec 21, 2023affected < 6.17_rc5-r0fixed 6.17_rc5-r0
A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service.
- CVE-2023-6679Dec 11, 2023affected < 0fixed 0
A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service.
- CVE-2023-6610Dec 8, 2023affected < 0fixed 0
An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
Page 2 of 6