7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
51.3%
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)
kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation (CVE-2024-0193)
kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)
kernel: Use-after-free in nft_verdict_dump due to a race between set GC and transaction (CVE-2023-4244)
kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child’s sibling_list (CVE-2023-5717)
kernel: NULL pointer dereference in nvmet_tcp_build_iovec (CVE-2023-6356)
kernel: NULL pointer dereference in nvmet_tcp_execute_request (CVE-2023-6535)
kernel: NULL pointer dereference in __nvmet_req_complete (CVE-2023-6536)
kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)
kernel: OOB Access in smb2_dump_detail (CVE-2023-6610)
kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
bugzilla.redhat.com/show_bug.cgi?id=2235306
bugzilla.redhat.com/show_bug.cgi?id=2246945
bugzilla.redhat.com/show_bug.cgi?id=2253611
bugzilla.redhat.com/show_bug.cgi?id=2253614
bugzilla.redhat.com/show_bug.cgi?id=2253908
bugzilla.redhat.com/show_bug.cgi?id=2254052
bugzilla.redhat.com/show_bug.cgi?id=2254053
bugzilla.redhat.com/show_bug.cgi?id=2254054
bugzilla.redhat.com/show_bug.cgi?id=2255139
bugzilla.redhat.com/show_bug.cgi?id=2255653
bugzilla.redhat.com/show_bug.cgi?id=2259866
errata.rockylinux.org/RXSA-2024:1248
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
51.3%