Run environment Kernel vulnerabilities summary Vulnerabilities (other than kernel) with known fixes Vulnerabilities (other than kernel) with no known fixes
The kernel used in that image build is version 6.6.32. It is
affected by 21 vulnerabilities with no known fix,
and 3402 vulnerabilities which are fixed in later
releases*. There tend to be a long list of kernel vulnerabilities, so only
a summary is given here. For more details take a look at the accompanying
vex_report.kernel.json file.
The following table gives an idea of how many vulnerabilities with a known fix would be fixed by upgrading to a given kernel version. The upgrade versions are the current kernel LTS versions and the highest known patch of the kernel branch used for this build.
Some vulnerabilities received a fix outside of these branches, which is why the total doesn't exactly add up.
| Version to upgrade to | CVEs fixed out of 3402* |
|---|---|
| 6.6.120 | 3062 (90.0%) |
| 6.12.65 (LTS) | 158 (4.6%) |
| Package ▲ | Version | Fixed in version | Fixed CVEs (severity) |
|---|---|---|---|
| expat | 0:2.5.0-5.baseos.rpbatz_2.aarch64 | 0:2.5.0-5.el9_7.1 |
|
| libxml2 | 0:2.9.13-10.baseos.rpbatz_2.1r.aarch64 | 0:2.9.13-14.el9_7 |
|
| python3 | 0:3.9.21-2.apps.rpbatz_2.aarch64 | 0:3.9.25-2.el9_7 |
|
| python3-libs | 0:3.9.21-2.apps.rpbatz_2.aarch64 | 0:3.9.25-2.el9_7 |
|
| libsss_idmap | 0:2.9.4-6.apps.rpbatz_1.aarch64 | 0:2.9.7-4.el9_7.1 |
|
| libsss_nss_idmap | 0:2.9.4-6.apps.rpbatz_1.aarch64 | 0:2.9.7-4.el9_7.1 |
|
| gnupg2 | 0:2.3.3-4.baseos.rpbatz_1.aarch64 | 0:2.3.3-5.el9_7 |
|
| sudo | 0:1.9.5p2-10.apps.rpbatz_1_1.aarch64 | 0:1.9.5p2-10.el9_6.1 |
|
| sssd-client | 0:2.9.4-6.apps.rpbatz_1.aarch64 | 0:2.9.7-4.el9_7.1 |
|
| glibc-gconv-extra | 0:2.34-168.baseos.rpbatz_2.14.aarch64 | 0:2.34-168.el9_6.23 |
|
| glibc | 0:2.34-168.baseos.rpbatz_2.14.aarch64 | 0:2.34-168.el9_6.23 |
|
| glibc-common | 0:2.34-168.baseos.rpbatz_2.14.aarch64 | 0:2.34-168.el9_6.23 |
|
| glibc-langpack-en | 0:2.34-168.baseos.rpbatz_2.14.aarch64 | 0:2.34-168.el9_6.23 |
|
| gmp | 1:6.2.0-10.el9.aarch64 | 1:6.2.0-13.el9 |
|
| gnutls | 0:3.7.6-21.baseos.rpbatz.2.aarch64 | 0:3.8.3-6.el9_6.2 |
|
| tar | 2:1.34-7.apps.rpbatz_2.aarch64 | 2:1.34-9.el9_7 |
|
| openssl | 1:3.2.2-6.baseos.rpbatz_2.1.aarch64 | 1:3.5.1-4.el9_7 |
|
| openssl-libs | 1:3.2.2-6.baseos.rpbatz_2.1.aarch64 | 1:3.5.1-4.el9_7 |
|
| systemd-libs | 0:252-51.baseos.rpbatz_2.3r.aarch64 | 0:252-55.el9_7.7 |
|
| glib2 | 0:2.68.4-16.baseos.rpbatz_2.aarch64 | 0:2.68.4-16.el9_6.2 |
|
| systemd-pam | 0:252-51.baseos.rpbatz_2.3r.aarch64 | 0:252-55.el9_7.7 |
|
| systemd | 0:252-51.baseos.rpbatz_2.3r.aarch64 | 0:252-55.el9_7.7 |
|
| openssh | 0:8.7p1-45.apps.rpbatz_2.aarch64 | 0:8.7p1-47.el9_7 |
|
| iputils | 0:20210202-11.apps.rpbatz_2.aarch64 | 0:20210202-11.el9_6.3 |
|
| libssh | 0:0.10.4-13.baseos.rpbatz_1.aarch64 | 0:0.10.4-17.el9_7 |
|
| krb5-libs | 0:1.21.1-6.baseos.rpbatz_2.aarch64 | 0:1.21.1-8.el9_6 |
|
| libcurl | 0:7.76.1-29.baseos.rpbatz_1.1.aarch64 | 0:7.76.1-31.el9_6.2 |
|
| curl | 0:7.76.1-29.baseos.rpbatz_1.1.aarch64 | 0:7.76.1-31.el9_6.2 |
|
| systemd-udev | 0:252-51.baseos.rpbatz_2.3r.aarch64 | 0:252-55.el9_7.7 |
|
| jq | 0:1.6-17.apps.rpbatz_2.aarch64 | 0:1.6-17.el9_6.2 |
|
| openssh-clients | 0:8.7p1-45.apps.rpbatz_2.aarch64 | 0:8.7p1-47.el9_7 |
|
| openssh-server | 0:8.7p1-45.apps.rpbatz_2.aarch64 | 0:8.7p1-47.el9_7 |
|
| shadow-utils | 2:4.9-12.baseos.rpbatz_2.aarch64 | 2:4.9-15.el9 |
|
| Package ▲ | Version | CVEs (severity) |
|---|---|---|
| libbrotli | 0:1.0.9-7.baseos.rpbatz.aarch64 |
|
| qt5-srpm-macros | 0:5.15.3-1.el9.noarch |
|
| libssh-config | 0:0.10.4-13.baseos.rpbatz_1.noarch |
|
| coreutils-common | 0:8.32-39.baseos.rpbatz_2.aarch64 |
|
| libuuid | 0:2.37.4-21.baseos.rpbatz_2.aarch64 |
|
| libsmartcols | 0:2.37.4-21.baseos.rpbatz_2.aarch64 |
|
| libmicrohttpd | 1:0.9.72-5.apps.rpbatz_1.aarch64 |
|
| cpio | 0:2.13-16.baseos.rpbatz.aarch64 |
|
| coreutils | 0:8.32-39.baseos.rpbatz_2.aarch64 |
|
| libblkid | 0:2.37.4-21.baseos.rpbatz_2.aarch64 |
|
| libmount | 0:2.37.4-21.baseos.rpbatz_2.aarch64 |
|
| libfdisk | 0:2.37.4-21.baseos.rpbatz_2.aarch64 |
|
| util-linux-core | 0:2.37.4-21.baseos.rpbatz_2.aarch64 |
|
| wpa_supplicant | 1:2.11-2.apps.rpbatz_2.aarch64 |
|
| polkit-libs | 0:0.117-13.apps.rpbatz_2.aarch64 |
|
| polkit | 0:0.117-13.apps.rpbatz_2.aarch64 |
|
| python3-pip-wheel | 0:21.3.1-1.baseos.rpbatz_2.noarch |
|
| tpm2-tss | 0:3.2.3-1.baseos.rpbatz_2.aarch64 |
|
| go-srpm-macros | 0:3.6.0-10.apps.rpbatz_2.noarch |
|
| wget | 0:1.21.1-8.apps.rpbatz_1.aarch64 |
|
| libgcc | 0:11.3.1-4.3.el9.aarch64 |
|
| pcre2-syntax | 0:10.40-6.baseos.rpbatz_2.noarch |
|
| libstdc++ | 0:11.3.1-4.3.el9.aarch64 |
|
| elfutils-libelf | 0:0.190-2.baseos.rpbatz_1.aarch64 |
|
| pcre2 | 0:10.40-6.baseos.rpbatz_2.aarch64 |
|
| gawk | 0:5.1.0-6.baseos.rpbatz.aarch64 |
|
| unzip | 0:6.0-56.apps.rpbatz.aarch64 |
|
| elfutils-default-yama-scope | 0:0.190-2.baseos.rpbatz_1.noarch |
|
| elfutils-libs | 0:0.190-2.baseos.rpbatz_1.aarch64 |
|
| elfutils-debuginfod-client | 0:0.190-2.baseos.rpbatz_1.aarch64 |
|
| libgomp | 0:11.3.1-4.3.el9.aarch64 |
|