CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
16.4%
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
kernel: arp: Prevent overflow in arp_req_get(). (CVE-2024-26733)
kernel: x86/xen: Add some null pointer checking to smp.c (CVE-2024-26908)
kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (CVE-2024-26852)
kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667)
kernel: net/mlx5: Properly link new fs rules into the tree (CVE-2024-35960)
kernel: bonding: stop the device in bond_setup_by_slave() (CVE-2023-52784)
kernel: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (CVE-2021-47548)
kernel: i40e: fix vf may be used uninitialized in this function warning (CVE-2024-36020)
kernel: scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (CVE-2024-36025)
kernel: net: core: reject skb_copy(_expand) for fraglist GSO skbs (CVE-2024-36929)
kernel: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (CVE-2024-36924)
kernel: net: amd-xgbe: Fix skb data length underflow (CVE-2022-48743)
kernel: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (CVE-2024-38596)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.