CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
AI Score
Confidence: High
EPSS
Percentile: 43.7%
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
kernel: gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (CVE-2023-52448)
kernel: wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (CVE-2024-26897)
kernel: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() (CVE-2024-26855)
kernel: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (CVE-2024-27052)
kernel: nfp: flower: handle acti_netdevs allocation failure (CVE-2024-27046)
kernel: wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (CVE-2023-52651)
kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application (CVE-2024-21823)
kernel: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (CVE-2024-35789)
kernel: mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work (CVE-2024-35852)
kernel: wifi: iwlwifi: dbg-tlv: ensure NUL termination (CVE-2024-35845)
kernel: mlxbf_gige: call request_irq() after NAPI initialized (CVE-2024-35907)
kernel: wifi: cfg80211: check A-MSDU format more carefully (CVE-2024-35937)
kernel: tty: Fix out-of-bound vmalloc access in imageblit (CVE-2021-47383)
kernel: platform/x86: wmi: Fix opening of char device (CVE-2023-52864)
kernel: cxl/port: Fix delete_endpoint() vs parent unregistration race (CVE-2023-52771)
kernel: wifi: nl80211: don't free NULL coalescing rule (CVE-2024-36941)
kernel: wifi: iwlwifi: read txq->read_ptr under lock (CVE-2024-36922)
kernel: net: CVE-2024-36971 kernel: UAF in network route management (CVE-2024-36971)
kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)
kernel: net/mlx5: Add a timeout to acquire the command queue semaphore (CVE-2024-38556)
kernel: net/mlx5: Discard command completions in internal error (CVE-2024-38555)
kernel: net: bridge: xmit: make sure we have at least eth header len bytes (CVE-2024-38538)
kernel: stm class: Fix a double free in stm_register_device() (CVE-2024-38627)
Bug Fix(es):
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.