CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
12.6%
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)
kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776)
kernel: use-after-free due to race condition occurring in dvb_register_device() (CVE-2022-45884)
kernel: use-after-free due to race condition occurring in dvb_net.c (CVE-2022-45886)
kernel: use-after-free due to race condition occurring in dvb_ca_en50221.c (CVE-2022-45919)
Kernel: NULL pointer dereference problem in sctp_sched_dequeue_common (CVE-2023-2177)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
LPAR is crashed by Phyp when doing DLPAR CPU operations (BZ#2193377)
ibmvnic: NONFATAL reset causes dql BUG_ON crash (BZ#2236702)
i40e: backport selected bugfixes (BZ#2238306)
Random delay receiving packets after bringing up VLAN on top of VF with vf-vlan-pruning enabled (BZ#2240752)
sctp: fix hb_timer refresh for the pf state on transports (BZ#2245286)
sctp: sysctl: make extra pointers netns aware (BZ#2245289)