CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
50.6%
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
kernel: use-after-free in drivers/media/rc/ene_ir.c due to race condition (CVE-2023-1118)
kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)
kernel: NULL pointer dereference in __nvmet_req_complete (CVE-2023-6536)
kernel: NULL pointer dereference in nvmet_tcp_execute_request (CVE-2023-6535)
kernel: NULL pointer dereference in nvmet_tcp_build_iovec (CVE-2023-6356)
kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)
kernel: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (CVE-2021-47013)
kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (CVE-2024-26602)
kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578)
CVE-2024-25743 hw: amd: Instruction raise #VC exception at exit (AMD-SN-3008,CVE-2024-25742,CVE-2024-25743)
kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)
Bug Fix(es):
md raid5 deadlock during sync check (JIRA:RHEL-27235)
NULL pointer dereference occurs in x2apic_dead_cpu() due to missing backport from upstream commit 7a22e03b0c02 (JIRA:RHEL-32733)
[RHEL8.8][ltp] case vma05 failed on x86_64 (JIRA:RHEL-33448)
XFS: thaw operation hungs if caches are dropped while FS is frozen (JIRA:RHEL-34523)
Temporary values in FIPS integrity test should be zeroized (JIRA:RHEL-36693)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.