CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
12.7%
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
kernel: use-after-free in RDMA listen() (CVE-2021-4028)
kernel: heap out of bounds write in nf_dup_netdev.c (CVE-2022-25636)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
Backport DFS fixes from upstream (BZ#2056329)
[AlmaLinux8.5] lpfc driver often fails to detect storage directly connected to Broadcom FC HBA (BZ#2058193)
nf_reinject calls nf_queue_entry_free on an already freed entry->state (BZ#2061446)
gfs2 blocking in gdlm_lock (BZ#2069750)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
almalinux | 8 | x86_64 | kernel-tools-libs-devel | < 4.18.0-348.23.1.el8_5 | kernel-tools-libs-devel-4.18.0-348.23.1.el8_5.x86_64.rpm |
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
12.7%