8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
6.3 Medium
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
21.6%
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546)
kernel: malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory (CVE-2021-33655)
kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks (CVE-2022-2196)
kernel: media: em28xx: initialize refcount before kref_get (CVE-2022-3239)
kernel: use-after-free after failed devlink reload in devlink_param_get (CVE-2022-3625)
kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)
hw: cpu: arm64: Spectre-BHB (CVE-2022-23960)
kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)
kernel: vmwgfx: integer overflow in vmwgfx_execbuf.c (CVE-2022-36402)
kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096)
kernel: vmwgfx: use-after-free in vmw_cmd_res_check (CVE-2022-38457)
kernel: vmwgfx: use-after-free in vmw_execbuf_tie_context (CVE-2022-40133)
kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074)
kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event’s read_size (CVE-2023-6931)
kernel: KVM: nVMX: missing consistency checks for CR0 and CR4 (CVE-2023-30456)
kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible (CVE-2023-31084)
kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)
kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
6.3 Medium
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
21.6%