CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation (CVE-2024-0193)
kernel: smb: client: fix potential OOBs in smb2_parse_contexts() (CVE-2023-52434)
kernel: kvm: Avoid potential UAF in LPI translation cache (CVE-2024-26598)
kernel: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (CVE-2024-26673)
Bug Fix(es):
multi-page bvec configuration for integrity payload (JIRA:RHEL-15150)
ipoib mcast lockup fix (JIRA:RHEL-30259)
Kernel panic in skb_segment (JIRA:RHEL-30560)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.