VEX report

Run environment Kernel vulnerabilities summary Vulnerabilities (other than kernel) with known fixes Vulnerabilities (other than kernel) with no known fixes

Run environment

Distribution name
batz-2.2-update
Time of run
2026-04-17T10:01:06.418935

Kernel vulnerabilities summary

The kernel used in that image build is version 5.4.110. It is affected by 21 vulnerabilities with no known fix, and 4620 vulnerabilities which are fixed in later releases*. There tend to be a long list of kernel vulnerabilities, so only a summary is given here. For more details take a look at the accompanying vex_report.kernel.json file.

The following table gives an idea of how many vulnerabilities with a known fix would be fixed by upgrading to a given kernel version. The upgrade versions are the current kernel LTS versions and the highest known patch of the kernel branch used for this build.

Some vulnerabilities received a fix outside of these branches, which is why the total doesn't exactly add up.

Version to upgrade to CVEs fixed out of 4620*
5.4.3022934 (63.5%)
5.10.252 (LTS)640 (13.9%)
5.15.202 (LTS)277 (6.0%)
6.1.168 (LTS)364 (7.9%)
6.6.134 (LTS)145 (3.1%)
6.12.81 (LTS)65 (1.4%)
6.18.22 (LTS)13 (0.3%)

Vulnerabilities (other than kernel) with known fixes

Package VersionFixed in versionFixed CVEs (severity)
expat0:2.5.0-5.baseos.rpbatz_2.aarch640:2.5.0-5.el9_7.1
libxml20:2.9.13-10.baseos.rpbatz_2.1r.aarch640:2.9.13-14.el9_7
openssh0:8.7p1-45.apps.rpbatz_2.aarch640:8.7p1-48.el9_7
python30:3.9.21-2.apps.rpbatz_2.aarch640:3.9.25-3.el9_7.2
python3-libs0:3.9.21-2.apps.rpbatz_2.aarch640:3.9.25-3.el9_7.2
libnghttp20:1.43.0-6.baseos.rpbatz_2.aarch640:1.43.0-6.el9_7.1
libsss_idmap0:2.9.4-6.apps.rpbatz_1.aarch640:2.9.7-4.el9_7.1
libsss_nss_idmap0:2.9.4-6.apps.rpbatz_1.aarch640:2.9.7-4.el9_7.1
openssh-clients0:8.7p1-45.apps.rpbatz_2.aarch640:8.7p1-48.el9_7
openssh-server0:8.7p1-45.apps.rpbatz_2.aarch640:8.7p1-48.el9_7
sssd-client0:2.9.4-6.apps.rpbatz_1.aarch640:2.9.7-4.el9_7.1
gmp1:6.2.0-10.el9.aarch641:6.2.0-13.el9
gnutls0:3.7.6-21.baseos.rpbatz.2.aarch640:3.8.3-10.el9_7
libcurl0:7.76.1-29.baseos.rpbatz_1.1.aarch640:7.76.1-35.el9_7.3
curl0:7.76.1-29.baseos.rpbatz_1.1.aarch640:7.76.1-35.el9_7.3
shadow-utils2:4.9-12.baseos.rpbatz_2.aarch642:4.9-15.el9

Vulnerabilities (other than kernel) with no known fixes

Package Version CVEs (severity)
libcap 0:2.48-9.baseos.rpbatz.aarch64
qt5-srpm-macros 0:5.15.3-1.el9.noarch
linux-firmware-whence 0:20230310-137.apps.rpbatz.noarch
linux-firmware 0:20230310-137.apps.rpbatz.noarch
coreutils-common 0:8.32-39.baseos.rpbatz_2.aarch64
xz-libs 0:5.2.5-8.baseos.rpbatz.aarch64
libuuid 0:2.37.4-21.baseos.rpbatz_2.aarch64
libsmartcols 0:2.37.4-21.baseos.rpbatz_2.aarch64
p11-kit-trust 0:0.25.3-3.baseos.rpbatz_2.aarch64
xz 0:5.2.5-8.baseos.rpbatz.aarch64
libmicrohttpd 1:0.9.72-5.apps.rpbatz_1.aarch64
cpio 0:2.13-16.baseos.rpbatz.aarch64
libblkid 0:2.37.4-21.baseos.rpbatz_2.aarch64
libmount 0:2.37.4-21.baseos.rpbatz_2.aarch64
util-linux-core 0:2.37.4-21.baseos.rpbatz_2.aarch64
libfdisk 0:2.37.4-21.baseos.rpbatz_2.aarch64
util-linux 0:2.37.4-21.baseos.rpbatz_2.aarch64
wpa_supplicant 1:2.11-2.apps.rpbatz_2.aarch64
polkit-libs 0:0.117-13.apps.rpbatz_2.aarch64
polkit 0:0.117-13.apps.rpbatz_2.aarch64
python3-pip-wheel 0:21.3.1-1.baseos.rpbatz_2.noarch
tpm2-tss 0:3.2.3-1.baseos.rpbatz_2.aarch64
wget 0:1.21.1-8.apps.rpbatz_1.aarch64
libgcc 0:11.3.1-4.3.el9.aarch64
pcre2-syntax 0:10.40-6.baseos.rpbatz_2.noarch
zlib 0:1.2.11-40.baseos.rpbatz_1.aarch64
libstdc++ 0:11.3.1-4.3.el9.aarch64
elfutils-libelf 0:0.190-2.baseos.rpbatz_1.aarch64
pcre2 0:10.40-6.baseos.rpbatz_2.aarch64
libtasn1 0:4.16.0-9.baseos.rpbatz_2.aarch64
gawk 0:5.1.0-6.baseos.rpbatz.aarch64
unzip 0:6.0-56.apps.rpbatz.aarch64
openssl-fips-provider-so 0:3.0.7-6.apps.rpbatz_2.aarch64
openssl-fips-provider 0:3.0.7-6.apps.rpbatz_2.aarch64
elfutils-default-yama-scope 0:0.190-2.baseos.rpbatz_1.noarch
elfutils-libs 0:0.190-2.baseos.rpbatz_1.aarch64
libgomp 0:11.3.1-4.3.el9.aarch64