CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
The kernel packages contain the Linux kernel, the core of any Linux operating
system.
Security Fix(es):
kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes (CVE-2022-1011)
net: fix __dst_negative_advice() race (CVE-2024-36971)
Bug Fix(es):
kernel.spec: run initramfs generation in %post (not only in %posttrans)
(RHEL-3292)
tcp: fix zero cwnd in tcp_cwnd_reduction (RHEL-43212)
epoll: fix use-after-free in eventpoll_release_file (RHEL-39665)
RHEL 7.9: include [net] netfilter: ipset: fix ip_set_list allocation failure (RHEL-6204)
gfs2: The gfs2_logd process to hang or stall which causes a performance degradation on the gfs2 filesystem (RHEL-8427)
[rhel7] gfs2: quota_change%u corruption (RHEL-37473)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low