The kernel used in that image build is version 5.14.0. It is
affected by 21 vulnerabilities with no known fix,
and 5116 vulnerabilities which are fixed in later
releases*. There tend to be a long list of kernel vulnerabilities, so only
a summary is given here. For more details take a look at the accompanying
vex_report.kernel.json file.
The following table gives an idea of how many vulnerabilities with a known fix would be fixed by upgrading to a given kernel version. The upgrade versions are the current kernel LTS versions and the highest known patch of the kernel branch used for this build.
Some vulnerabilities received a fix outside of these branches, which is why the total doesn't exactly add up.
| Version to upgrade to | CVEs fixed out of 5116* |
|---|---|
| 5.14.21 | 135 (2.6%) |
| 5.15.196 (LTS) | 4091 (80.0%) |
| 6.1.158 (LTS) | 339 (6.6%) |
| 6.6.118 (LTS) | 203 (4.0%) |
| 6.12.60 (LTS) | 98 (1.9%) |
| Package ▲ | Version | Fixed in version | Fixed CVEs (severity) |
|---|---|---|---|
| glibc-gconv-extra | 0:2.34-60.baseos.rpbatz.17.x86_64 | 0:2.34-100.el9 |
|
| glibc | 0:2.34-60.baseos.rpbatz.17.x86_64 | 0:2.34-100.el9 |
|
| glibc-common | 0:2.34-60.baseos.rpbatz.17.x86_64 | 0:2.34-100.el9 |
|
| glibc-langpack-en | 0:2.34-60.baseos.rpbatz.17.x86_64 | 0:2.34-100.el9 |
|
| pam | 0:1.5.1-15.baseos.rpbatz.x86_64 | 0:1.5.1-19.el9 |
|
| libsss_idmap | 0:2.8.2-5.apps.rpbatz.5.x86_64 | 0:2.8.2-5.el9_2.6 |
|
| libsss_nss_idmap | 0:2.8.2-5.apps.rpbatz.5.x86_64 | 0:2.8.2-5.el9_2.6 |
|
| krb5-libs | 0:1.20.1-9.baseos.rpbatz.x86_64 | 0:1.21.1-6.el9 |
|
| libcurl | 0:7.76.1-23.baseos.rpbatz.7.x86_64 | 0:7.76.1-26.el9_3.3 |
|
| curl | 0:7.76.1-23.baseos.rpbatz.7.x86_64 | 0:7.76.1-26.el9_3.3 |
|
| grub2-tools-minimal | 1:2.06-61.baseos.rpbatz.9.x86_64 | 1:2.06-77.el9 |
|
| grub2-tools | 1:2.06-61.baseos.rpbatz.9.x86_64 | 1:2.06-77.el9 |
|
| sudo | 0:1.9.5p2-9.apps.rpbatz.2.x86_64 | 0:1.9.5p2-10.el9_3 |
|
| sssd-client | 0:2.8.2-5.apps.rpbatz.5.x86_64 | 0:2.8.2-5.el9_2.6 |
|
| libgcc | 0:11.3.1-4.3.el9.x86_64 | 0:11.3.1-4.4.el9_2 |
|
| libstdc++ | 0:11.3.1-4.3.el9.x86_64 | 0:11.3.1-4.4.el9_2 |
|
| gmp | 1:6.2.0-10.el9.x86_64 | 1:6.2.0-13.el9 |
|
| libgcrypt | 0:1.10.0-10.baseos.rpbatz.x86_64 | 0:1.10.0-11.el9 |
|
| gnutls | 0:3.7.6-21.baseos.rpbatz.2.x86_64 | 0:3.8.3-6.el9 |
|
| squashfs-tools | 0:4.4-8.git1.apps.rpbatz.x86_64 | 0:4.4-10.git1.el9 |
|
| libmicrohttpd | 1:0.9.72-4.apps.rpbatz.x86_64 | 1:0.9.72-5.el9 |
|
| openssl | 1:3.0.7-18.baseos.rpbatz.x86_64 | 1:3.0.7-27.el9 |
|
| openssl-libs | 1:3.0.7-18.baseos.rpbatz.x86_64 | 1:3.0.7-27.el9 |
|
| openssh | 0:8.7p1-30.apps.rpbatz.8.x86_64 | 0:8.7p1-45.el9 |
|
| python3 | 0:3.9.16-1.apps.rpbatz.8.x86_64 | 0:3.9.21-2.el9 |
|
| python3-libs | 0:3.9.16-1.apps.rpbatz.8.x86_64 | 0:3.9.21-2.el9 |
|
| libssh | 0:0.10.4-9.baseos.rpbatz.x86_64 | 0:0.10.4-13.el9 |
|
| libgomp | 0:11.3.1-4.3.el9.x86_64 | 0:11.3.1-4.4.el9_2 |
|
| tpm2-tss | 0:3.0.3-8.baseos.rpbatz.x86_64 | 0:3.2.2-2.el9 |
|
| rpm-libs | 0:4.16.1.3-24.baseos.rpbatz.x86_64 | 0:4.16.1.3-27.el9_3 |
|
| rpm | 0:4.16.1.3-24.baseos.rpbatz.x86_64 | 0:4.16.1.3-27.el9_3 |
|
| wpa_supplicant | 1:2.10-4.apps.rpbatz.x86_64 | 1:2.10-5.el9 |
|
| rpm-build-libs | 0:4.16.1.3-24.baseos.rpbatz.x86_64 | 0:4.16.1.3-27.el9_3 |
|
| iputils | 0:20210202-8.apps.rpbatz.1.x86_64 | 0:20210202-8.el9_2.4 |
|
| perl-libs | 4:5.32.1-480.baseos.rpbatz.x86_64 | 4:5.32.1-481.el9 |
|
| perl-interpreter | 4:5.32.1-480.baseos.rpbatz.x86_64 | 4:5.32.1-481.el9 |
|
| rpm-sign-libs | 0:4.16.1.3-24.baseos.rpbatz.x86_64 | 0:4.16.1.3-27.el9_3 |
|
| python3-rpm | 0:4.16.1.3-24.baseos.rpbatz.x86_64 | 0:4.16.1.3-27.el9_3 |
|
| openssh-clients | 0:8.7p1-30.apps.rpbatz.8.x86_64 | 0:8.7p1-45.el9 |
|
| openssh-server | 0:8.7p1-30.apps.rpbatz.8.x86_64 | 0:8.7p1-45.el9 |
|
| file-libs | 0:5.39-12.1.baseos.rpbatz.x86_64 | 0:5.39-16.el9 |
|
| shadow-utils | 2:4.9-6.baseos.rpbatz.x86_64 | 2:4.9-15.el9 |
|
| file | 0:5.39-12.1.baseos.rpbatz.x86_64 | 0:5.39-16.el9 |
|
| procps-ng | 0:3.3.17-11.baseos.rpbatz.x86_64 | 0:3.3.17-13.el9 |
|
| Package ▲ | Version | CVEs (severity) |
|---|---|---|
| qt5-srpm-macros | 0:5.15.3-1.el9.noarch |
|
| linux-firmware-whence | 0:20230310-137.apps.rpbatz.noarch |
|
| linux-firmware | 0:20230310-137.apps.rpbatz.noarch |
|
| libssh-config | 0:0.10.4-9.baseos.rpbatz.noarch |
|
| coreutils-common | 0:8.32-35.baseos.rpbatz.x86_64 |
|
| lz4-libs | 0:1.9.3-5.baseos.rpbatz.x86_64 |
|
| tar | 2:1.34-6.apps.rpbatz.1.x86_64 |
|
| libmicrohttpd | 1:0.9.72-4.apps.rpbatz.x86_64 |
|
| cpio | 0:2.13-16.baseos.rpbatz.x86_64 |
|
| coreutils | 0:8.32-35.baseos.rpbatz.x86_64 |
|
| polkit-libs | 0:0.117-11.apps.rpbatz.1.x86_64 |
|
| grub2-common | 1:2.06-61.baseos.rpbatz.9.noarch |
|
| openssh | 0:8.7p1-30.apps.rpbatz.8.x86_64 |
|
| python3-pip-wheel | 0:21.2.3-6.baseos.rpbatz.noarch |
|
| python3 | 0:3.9.16-1.apps.rpbatz.8.x86_64 |
|
| python3-libs | 0:3.9.16-1.apps.rpbatz.8.x86_64 |
|
| libssh | 0:0.10.4-9.baseos.rpbatz.x86_64 |
|
| libcurl | 0:7.76.1-23.baseos.rpbatz.7.x86_64 |
|
| tpm2-tss | 0:3.0.3-8.baseos.rpbatz.x86_64 |
|
| curl | 0:7.76.1-23.baseos.rpbatz.7.x86_64 |
|
| grub2-tools-minimal | 1:2.06-61.baseos.rpbatz.9.x86_64 |
|
| wpa_supplicant | 1:2.10-4.apps.rpbatz.x86_64 |
|
| grub2-tools | 1:2.06-61.baseos.rpbatz.9.x86_64 |
|
| polkit | 0:0.117-11.apps.rpbatz.1.x86_64 |
|
| openssh-clients | 0:8.7p1-30.apps.rpbatz.8.x86_64 |
|
| openssh-server | 0:8.7p1-30.apps.rpbatz.8.x86_64 |
|
| wget | 0:1.21.1-7.apps.rpbatz.1.x86_64 |
|
| libgcc | 0:11.3.1-4.3.el9.x86_64 |
|
| pcre2-syntax | 0:10.40-2.baseos.rpbatz.noarch |
|
| libstdc++ | 0:11.3.1-4.3.el9.x86_64 |
|
| pcre2 | 0:10.40-2.baseos.rpbatz.x86_64 |
|
| gawk | 0:5.1.0-6.baseos.rpbatz.x86_64 |
|
| unzip | 0:6.0-56.apps.rpbatz.x86_64 |
|
| openssl | 1:3.0.7-18.baseos.rpbatz.x86_64 |
|
| openssl-libs | 1:3.0.7-18.baseos.rpbatz.x86_64 |
|
| libgomp | 0:11.3.1-4.3.el9.x86_64 |
|
| gnupg2 | 0:2.3.3-2.baseos.rpbatz.x86_64 |
|