apk package

chainguard/linux-vmware-6.12

pkg:apk/chainguard/linux-vmware-6.12

Vulnerabilities (271)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-43284	Hig	8.8	< 6.12.85-r2	6.12.85-r2	May 8, 2026	In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths th
CVE-2026-43272	Med	5.5	< 6.12.85-r2	6.12.85-r2	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix possible dereference of uninitialized pointer There is a pointer head_page in rb_meta_validate_events() which is not initialized at the beginning of a function. This pointer can be dereferenced
CVE-2026-43263	Hig	7.8	< 6.12.85-r2	6.12.85-r2	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix Null reference while testing fluster When multi instances are created/destroyed, many interrupts happens and structures for decoder are removed. "struct vpu_instance" this structu
CVE-2026-43234	Med	5.5	< 6.12.85-r2	6.12.85-r2	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: team: avoid NETDEV_CHANGEMTU event when unregistering slave syzbot is reporting unregister_netdevice: waiting for netdevsim0 to become free. Usage count = 3 ref_tracker: netdev@ffff88807dcf8618 has 1/2 use
CVE-2026-43220	Med	5.5	< 6.12.85-r2	6.12.85-r2	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: iommu/amd: serialize sequence allocation under concurrent TLB invalidations With concurrent TLB invalidations, completion wait randomly gets timed out because cmd_sem_val was incremented outside the IOMMU spinl
CVE-2026-43219	Med	5.5	< 6.12.85-r2	6.12.85-r2	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: net: cpsw_new: Fix potential unregister of netdev that has not been registered yet If an error occurs during register_netdev() for the first MAC in cpsw_register_ports(), even though cpsw->slaves[0].ndev is set
CVE-2026-43131	Med	5.5	< 6.12.85-r2	6.12.85-r2	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix null pointer dereference issue If SMU is disabled, during RAS initialization, there will be null pointer dereference issue here.
CVE-2026-43127	Med	5.5	< 6.12.85-r2	6.12.85-r2	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix circular locking dependency in run_unpack_ex Syzbot reported a circular locking dependency between wnd->rw_lock (sbi->used.bitmap) and ni->file.run_lock. The deadlock scenario: 1. ntfs_extend_mft()
CVE-2025-71285	Med	5.5	< 6.12.85-r2	6.12.85-r2	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels MHI stack offers the 'auto_queue' feature, which allows the MHI stack to auto queue the buffers for the RX path (DL channel). Though this feature
CVE-2026-43118	Med	5.5	< 6.12.85-r2	6.12.85-r2	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: btrfs: fix zero size inode with non-zero size after log replay When logging that an inode exists, as part of logging a new name or logging new dir entries for a directory, we always set the generation of the lo
CVE-2026-43116	Hig	7.8	< 6.12.85-r2	6.12.85-r2	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not sufficient, the master conntrack object can just go away, making exp->master invalid. To access exp->mas
CVE-2026-43115	Med	5.5	< 6.12.85-r2	6.12.85-r2	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: srcu: Use irq_work to start GP in tiny SRCU Tiny SRCU's srcu_gp_start_if_needed() directly calls schedule_work(), which acquires the workqueue pool->lock. This causes a lockdep splat when call_srcu() is called
CVE-2026-43042	Hig	7.1	< 6.12.85-r2	6.12.85-r2	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: mpls: add seqcount to protect the platform_label{,s} pair The RCU-protected codepaths (mpls_forward, mpls_dump_routes) can have an inconsistent view of platform_labels vs platform_label in case of a concurrent
CVE-2026-43034	Med	5.5	< 6.12.85-r2	6.12.85-r2	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: bnxt_en: set backing store type from query type bnxt_hwrm_func_backing_store_qcaps_v2() stores resp->type from the firmware response in ctxm->type and later uses that value to index fixed backing-store metadata
CVE-2026-43033	Hig	7.8	< 6.12.85-r2	6.12.85-r2	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption When decrypting data that is not in-place (src != dst), there is no need to save the high-order sequence bits in dst as it could
CVE-2026-43022	Med	5.5	< 6.12.85-r2	6.12.85-r2	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists hci_cmd_sync_queue_once() needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid le
CVE-2026-31777	Med	5.5	< 6.12.85-r2	6.12.85-r2	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Check the error for index mapping The ctxfi driver blindly assumed a proper value returned from daio_device_index(), but it's not always true. Add a proper error check to deal with the error from
CVE-2026-31717	Hig	8.8	< 6.12.85-r2	6.12.85-r2	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any aut
CVE-2026-31715	Hig	7.8	< 6.12.85-r2	6.12.85-r2	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io() The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the p
CVE-2026-31709	Hig	8.8	< 6.12.85-r2	6.12.85-r2	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl build_sec_desc() and id_mode_to_cifs_acl() derive a DACL pointer from a server-supplied dacloffset and then use the incoming ACL to rebuild th

CVE-2026-43284HigMay 8, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths th
CVE-2026-43272MedMay 6, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix possible dereference of uninitialized pointer There is a pointer head_page in rb_meta_validate_events() which is not initialized at the beginning of a function. This pointer can be dereferenced
CVE-2026-43263HigMay 6, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix Null reference while testing fluster When multi instances are created/destroyed, many interrupts happens and structures for decoder are removed. "struct vpu_instance" this structu
CVE-2026-43234MedMay 6, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: team: avoid NETDEV_CHANGEMTU event when unregistering slave syzbot is reporting unregister_netdevice: waiting for netdevsim0 to become free. Usage count = 3 ref_tracker: netdev@ffff88807dcf8618 has 1/2 use
CVE-2026-43220MedMay 6, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: serialize sequence allocation under concurrent TLB invalidations With concurrent TLB invalidations, completion wait randomly gets timed out because cmd_sem_val was incremented outside the IOMMU spinl
CVE-2026-43219MedMay 6, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: net: cpsw_new: Fix potential unregister of netdev that has not been registered yet If an error occurs during register_netdev() for the first MAC in cpsw_register_ports(), even though cpsw->slaves[0].ndev is set
CVE-2026-43131MedMay 6, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix null pointer dereference issue If SMU is disabled, during RAS initialization, there will be null pointer dereference issue here.
CVE-2026-43127MedMay 6, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix circular locking dependency in run_unpack_ex Syzbot reported a circular locking dependency between wnd->rw_lock (sbi->used.bitmap) and ni->file.run_lock. The deadlock scenario: 1. ntfs_extend_mft()
CVE-2025-71285MedMay 6, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels MHI stack offers the 'auto_queue' feature, which allows the MHI stack to auto queue the buffers for the RX path (DL channel). Though this feature
CVE-2026-43118MedMay 6, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix zero size inode with non-zero size after log replay When logging that an inode exists, as part of logging a new name or logging new dir entries for a directory, we always set the generation of the lo
CVE-2026-43116HigMay 6, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not sufficient, the master conntrack object can just go away, making exp->master invalid. To access exp->mas
CVE-2026-43115MedMay 6, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: srcu: Use irq_work to start GP in tiny SRCU Tiny SRCU's srcu_gp_start_if_needed() directly calls schedule_work(), which acquires the workqueue pool->lock. This causes a lockdep splat when call_srcu() is called
CVE-2026-43042HigMay 1, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: mpls: add seqcount to protect the platform_label{,s} pair The RCU-protected codepaths (mpls_forward, mpls_dump_routes) can have an inconsistent view of platform_labels vs platform_label in case of a concurrent
CVE-2026-43034MedMay 1, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: set backing store type from query type bnxt_hwrm_func_backing_store_qcaps_v2() stores resp->type from the firmware response in ctxm->type and later uses that value to index fixed backing-store metadata
CVE-2026-43033HigMay 1, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption When decrypting data that is not in-place (src != dst), there is no need to save the high-order sequence bits in dst as it could
CVE-2026-43022MedMay 1, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists hci_cmd_sync_queue_once() needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid le
CVE-2026-31777MedMay 1, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Check the error for index mapping The ctxfi driver blindly assumed a proper value returned from daio_device_index(), but it's not always true. Add a proper error check to deal with the error from
CVE-2026-31717HigMay 1, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any aut
CVE-2026-31715HigMay 1, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io() The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the p
CVE-2026-31709HigMay 1, 2026
affected < 6.12.85-r2fixed 6.12.85-r2
In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl build_sec_desc() and id_mode_to_cifs_acl() derive a DACL pointer from a server-supplied dacloffset and then use the incoming ACL to rebuild th

Page 1 of 14