8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.036 Low
EPSS
Percentile
91.5%
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)
Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)
kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)
kernel: TLB flush happens too late on mremap (CVE-2018-18281)
kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
guest softlockup in mem_cgroup_reparent_charges with 800GB guests (BZ#1770111)
[RHEL7.7] Refined TSC clocksource calibration occasionally fails on some SkyLake-X servers (BZ#1775682)
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.036 Low
EPSS
Percentile
91.5%