CVSS3: 8.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score: 7.8 High (Confidence: High)

CVSS2: 4.3 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.001 Low (Percentile: 18.0%)

The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163)
kernel: use after free in unix_stream_sendpage (CVE-2023-4622)
kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)
kernel: eBPF: insufficient stack type checks in dynptr (CVE-2023-39191)
kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)
kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)
kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)
kernel: UAF during login when accessing the shost ipaddress (CVE-2023-2162)
kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)
kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)
kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race (CVE-2023-3567)
kernel: use-after-free in netfilter: nf_tables (CVE-2023-3777)
kernel: use after free in nft_immediate_deactivate (CVE-2023-4015)
kernel: A heap out-of-bounds write (CVE-2023-5717)
hw amd: Return Address Predictor vulnerability leading to information disclosure (CVE-2023-20569)
kernel: fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment (CVE-2023-38409)
kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283)
kernel: SEV-ES local priv escalation (CVE-2023-46813)
kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192)
kernel: NULL pointer dereference in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c (CVE-2023-6679)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
sev-guest is not loaded automatically in the guest kernel when sev-snp is enabled (BZ#2218934)
Cgroups v2: Current interface to disable cpu load balancing not compatible with kubernetes cgroup hierarchy (BZ#2238754)
WPC ice driver misc irq not getting generated for a interface. (BZ#2245881)
RHEL9.0 - s390/qeth: NET2016 - fix use-after-free in HSCI (BZ#2247798)
pNFS/filelayout: treat GETDEVICEINFO errors as layout failure (BZ#2249557)
cifs: fix dentry lookups in directory handle cache (BZ#2249558)
Performance regression with random 2 KiB writes to ext4 filesystem with 4 KiB filesystem blocks (BZ#2249685)
kernel.spec: Fix UKI naming to comply with BLS (BZ#2254546)