apk package

chainguard/linux-vmware-6.18

pkg:apk/chainguard/linux-vmware-6.18

Vulnerabilities (204)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-43103	Med	5.5	< 6.18.31-r0	6.18.31-r0	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: net: lapbether: handle NETDEV_PRE_TYPE_CHANGE lapbeth_data_transmit() expects the underlying device type to be ARPHRD_ETHER. Returning NOTIFY_BAD from lapbeth_device_event() makes sure bonding driver can not b
CVE-2026-43102	Med	5.5	< 6.18.31-r0	6.18.31-r0	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix memory leak in airoha_qdma_rx_process() If an error occurs on the subsequents buffers belonging to the non-linear part of the skb (e.g. due to an error in the payload length reported by the NIC
CVE-2026-43101	Hig	7.5	< 6.18.31-r0	6.18.31-r0	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() We need to check __in6_dev_get() for possible NULL value, as suggested by Yiming Qian. Also add skb_dst_dev_rcu() instead of skb_dst_dev
CVE-2026-43100	Med	5.5	< 6.18.31-r0	6.18.31-r0	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: bridge: guard local VLAN-0 FDB helpers against NULL vlan group When CONFIG_BRIDGE_VLAN_FILTERING is not set, br_vlan_group() and nbp_vlan_group() return NULL (br_private.h stub definitions). The BR_BOOLOPT_FDB_
CVE-2026-43099	Hig	7.5	< 6.18.31-r0	6.18.31-r0	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: fix null-ptr-deref in icmp_build_probe() ipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the IPv6 stack is not active (CONFIG_IPV6=m and not loaded), and passing this error pointer
CVE-2026-43098	Med	5.5	< 6.18.31-r0	6.18.31-r0	May 6, 2026	In the Linux kernel, the following vulnerability has been resolved: nfc: s3fwrn5: allocate rx skb before consuming bytes s3fwrn82_uart_read() reports the number of accepted bytes to the serdev core. The current code consumes bytes into recv_skb and may already deliver a complet
CVE-2026-43045	Med	5.5	< 6.18.24-r1	6.18.24-r1	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: mshv: Fix error handling in mshv_region_pin The current error handling has two issues: First, pin_user_pages_fast() can return a short pin count (less than requested but greater than zero) when it cannot pin a
CVE-2026-43042	Hig	7.1	< 6.18.24-r1	6.18.24-r1	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: mpls: add seqcount to protect the platform_label{,s} pair The RCU-protected codepaths (mpls_forward, mpls_dump_routes) can have an inconsistent view of platform_labels vs platform_label in case of a concurrent
CVE-2026-43022	Med	5.5	< 6.18.24-r1	6.18.24-r1	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists hci_cmd_sync_queue_once() needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid le
CVE-2026-31719	Hig	7.5	< 6.18.31-r0	6.18.31-r0	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: crypto: krb5enc - fix async decrypt skipping hash verification krb5enc_dispatch_decrypt() sets req->base.complete as the skcipher callback, which is the caller's own completion handler. When the skcipher comple
CVE-2026-31718	Cri	9.8	< 6.18.31-r0	6.18.31-r0	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger When a durable file handle survives session disconnect (TCP close without SMB2_LOGOFF), session_fd_check() sets fp->conn = NULL to preserve
CVE-2026-31717	Hig	8.8	< 6.18.31-r0	6.18.31-r0	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any aut
CVE-2026-31716	Hig	7.8	< 6.18.31-r0	6.18.31-r0	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: validate rec->used in journal-replay file record check check_file_record() validates rec->total against the record size but never validates rec->used. The do_action() journal-replay handlers read rec
CVE-2026-31715	Hig	7.8	< 6.18.31-r0	6.18.31-r0	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io() The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the p
CVE-2026-31714	Med	5.5	< 6.18.31-r0	6.18.31-r0	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid memory leak in f2fs_rename() syzbot reported a f2fs bug as below: BUG: memory leak unreferenced object 0xffff888127f70830 (size 16): comm "syz.0.23", pid 6144, jiffies 4294943712 hex dum
CVE-2026-31713	Med	5.5	< 6.18.31-r0	6.18.31-r0	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason (error, crash) while processing FUSE_INIT, the filesystem creation will hang. The reason is that while a
CVE-2026-31712	Hig	8.3	< 6.18.31-r0	6.18.31-r0	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: ksmbd: require minimum ACE size in smb_check_perm_dacl() Both ACE-walk loops in smb_check_perm_dacl() only guard against an under-sized remaining buffer, not against an ACE whose declared `ace->size` is smaller
CVE-2026-31711	Hig	7.5	< 6.18.31-r0	6.18.31-r0	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: smb: server: fix active_num_conn leak on transport allocation failure Commit 77ffbcac4e56 ("smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()") addressed the kthread_run() failure path. Th
CVE-2026-31708	Hig	8.1	< 6.18.31-r0	6.18.31-r0	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path smb2_ioctl_query_info() has two response-copy branches: PASSTHRU_FSCTL and the default QUERY_INFO path. The QUERY_INFO branch clamps qi.input_
CVE-2026-31707	Hig	7.1	< 6.18.31-r0	6.18.31-r0	May 1, 2026	In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate response sizes in ipc_validate_msg() ipc_validate_msg() computes the expected message size for each response type by adding (or multiplying) attacker-controlled fields from the daemon response t

CVE-2026-43103MedMay 6, 2026
affected < 6.18.31-r0fixed 6.18.31-r0
In the Linux kernel, the following vulnerability has been resolved: net: lapbether: handle NETDEV_PRE_TYPE_CHANGE lapbeth_data_transmit() expects the underlying device type to be ARPHRD_ETHER. Returning NOTIFY_BAD from lapbeth_device_event() makes sure bonding driver can not b
CVE-2026-43102MedMay 6, 2026
affected < 6.18.31-r0fixed 6.18.31-r0
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix memory leak in airoha_qdma_rx_process() If an error occurs on the subsequents buffers belonging to the non-linear part of the skb (e.g. due to an error in the payload length reported by the NIC
CVE-2026-43101HigMay 6, 2026
affected < 6.18.31-r0fixed 6.18.31-r0
In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() We need to check __in6_dev_get() for possible NULL value, as suggested by Yiming Qian. Also add skb_dst_dev_rcu() instead of skb_dst_dev
CVE-2026-43100MedMay 6, 2026
affected < 6.18.31-r0fixed 6.18.31-r0
In the Linux kernel, the following vulnerability has been resolved: bridge: guard local VLAN-0 FDB helpers against NULL vlan group When CONFIG_BRIDGE_VLAN_FILTERING is not set, br_vlan_group() and nbp_vlan_group() return NULL (br_private.h stub definitions). The BR_BOOLOPT_FDB_
CVE-2026-43099HigMay 6, 2026
affected < 6.18.31-r0fixed 6.18.31-r0
In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: fix null-ptr-deref in icmp_build_probe() ipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the IPv6 stack is not active (CONFIG_IPV6=m and not loaded), and passing this error pointer
CVE-2026-43098MedMay 6, 2026
affected < 6.18.31-r0fixed 6.18.31-r0
In the Linux kernel, the following vulnerability has been resolved: nfc: s3fwrn5: allocate rx skb before consuming bytes s3fwrn82_uart_read() reports the number of accepted bytes to the serdev core. The current code consumes bytes into recv_skb and may already deliver a complet
CVE-2026-43045MedMay 1, 2026
affected < 6.18.24-r1fixed 6.18.24-r1
In the Linux kernel, the following vulnerability has been resolved: mshv: Fix error handling in mshv_region_pin The current error handling has two issues: First, pin_user_pages_fast() can return a short pin count (less than requested but greater than zero) when it cannot pin a
CVE-2026-43042HigMay 1, 2026
affected < 6.18.24-r1fixed 6.18.24-r1
In the Linux kernel, the following vulnerability has been resolved: mpls: add seqcount to protect the platform_label{,s} pair The RCU-protected codepaths (mpls_forward, mpls_dump_routes) can have an inconsistent view of platform_labels vs platform_label in case of a concurrent
CVE-2026-43022MedMay 1, 2026
affected < 6.18.24-r1fixed 6.18.24-r1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists hci_cmd_sync_queue_once() needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid le
CVE-2026-31719HigMay 1, 2026
affected < 6.18.31-r0fixed 6.18.31-r0
In the Linux kernel, the following vulnerability has been resolved: crypto: krb5enc - fix async decrypt skipping hash verification krb5enc_dispatch_decrypt() sets req->base.complete as the skcipher callback, which is the caller's own completion handler. When the skcipher comple
CVE-2026-31718CriMay 1, 2026
affected < 6.18.31-r0fixed 6.18.31-r0
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger When a durable file handle survives session disconnect (TCP close without SMB2_LOGOFF), session_fd_check() sets fp->conn = NULL to preserve
CVE-2026-31717HigMay 1, 2026
affected < 6.18.31-r0fixed 6.18.31-r0
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any aut
CVE-2026-31716HigMay 1, 2026
affected < 6.18.31-r0fixed 6.18.31-r0
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: validate rec->used in journal-replay file record check check_file_record() validates rec->total against the record size but never validates rec->used. The do_action() journal-replay handlers read rec
CVE-2026-31715HigMay 1, 2026
affected < 6.18.31-r0fixed 6.18.31-r0
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io() The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the p
CVE-2026-31714MedMay 1, 2026
affected < 6.18.31-r0fixed 6.18.31-r0
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid memory leak in f2fs_rename() syzbot reported a f2fs bug as below: BUG: memory leak unreferenced object 0xffff888127f70830 (size 16): comm "syz.0.23", pid 6144, jiffies 4294943712 hex dum
CVE-2026-31713MedMay 1, 2026
affected < 6.18.31-r0fixed 6.18.31-r0
In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason (error, crash) while processing FUSE_INIT, the filesystem creation will hang. The reason is that while a
CVE-2026-31712HigMay 1, 2026
affected < 6.18.31-r0fixed 6.18.31-r0
In the Linux kernel, the following vulnerability has been resolved: ksmbd: require minimum ACE size in smb_check_perm_dacl() Both ACE-walk loops in smb_check_perm_dacl() only guard against an under-sized remaining buffer, not against an ACE whose declared `ace->size` is smaller
CVE-2026-31711HigMay 1, 2026
affected < 6.18.31-r0fixed 6.18.31-r0
In the Linux kernel, the following vulnerability has been resolved: smb: server: fix active_num_conn leak on transport allocation failure Commit 77ffbcac4e56 ("smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()") addressed the kthread_run() failure path. Th
CVE-2026-31708HigMay 1, 2026
affected < 6.18.31-r0fixed 6.18.31-r0
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path smb2_ioctl_query_info() has two response-copy branches: PASSTHRU_FSCTL and the default QUERY_INFO path. The QUERY_INFO branch clamps qi.input_
CVE-2026-31707HigMay 1, 2026
affected < 6.18.31-r0fixed 6.18.31-r0
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate response sizes in ipc_validate_msg() ipc_validate_msg() computes the expected message size for each response type by adding (or multiplying) attacker-controlled fields from the daemon response t

Page 2 of 11