The kernel used in that image build is version 5.4.47. It is
affected by 21 vulnerabilities with no known fix,
and 1497 vulnerabilities which are fixed in later
releases*. There tend to be a long list of kernel vulnerabilities, so only
a summary is given here. For more details take a look at the accompanying
vex_report.kernel.json file.
The following table gives an idea of how many vulnerabilities with a known fix would be fixed by upgrading to a given kernel version. The upgrade versions are the current kernel LTS versions and the highest known patch of the kernel branch used for this build.
Some vulnerabilities received a fix outside of these branches, which is why the total doesn't exactly add up.
| Version to upgrade to | CVEs fixed out of 1497* |
|---|---|
| 5.4.302 | 961 (64.2%) |
| 5.10.246 (LTS) | 178 (11.9%) |
| 5.15.196 (LTS) | 110 (7.3%) |
| 6.1.158 (LTS) | 92 (6.1%) |
| 6.6.118 (LTS) | 65 (4.3%) |
| 6.12.60 (LTS) | 28 (1.9%) |
| Package ▲ | Version | Fixed in version | Fixed CVEs (severity) |
|---|---|---|---|
| expat | 0:2.5.0-5.baseos.rpbatz_2.x86_64 | 0:2.5.0-5.el9_7.1 |
|
| sqlite-libs | 0:3.34.1-7.baseos.rpbatz_1.x86_64 | 0:3.34.1-9.el9_7 |
|
| libxml2 | 0:2.9.13-10.baseos.rpbatz_2.1r.x86_64 | 0:2.9.13-14.el9_7 |
|
| pam | 0:1.5.1-23.baseos.rpbatz_1.x86_64 | 0:1.5.1-26.el9_6 |
|
| python3 | 0:3.9.21-2.apps.rpbatz_2.x86_64 | 0:3.9.21-2.el9_6.1 |
|
| python3-libs | 0:3.9.21-2.apps.rpbatz_2.x86_64 | 0:3.9.21-2.el9_6.1 |
|
| libsss_idmap | 0:2.9.4-6.apps.rpbatz_1.x86_64 | 0:2.9.7-4.el9_7.1 |
|
| libsss_nss_idmap | 0:2.9.4-6.apps.rpbatz_1.x86_64 | 0:2.9.7-4.el9_7.1 |
|
| sudo | 0:1.9.5p2-10.apps.rpbatz_1_1.x86_64 | 0:1.9.5p2-10.el9_6.1 |
|
| sssd-client | 0:2.9.4-6.apps.rpbatz_1.x86_64 | 0:2.9.7-4.el9_7.1 |
|
| glibc-gconv-extra | 0:2.34-168.baseos.rpbatz_2.14.x86_64 | 0:2.34-168.el9_6.23 |
|
| glibc | 0:2.34-168.baseos.rpbatz_2.14.x86_64 | 0:2.34-168.el9_6.23 |
|
| glibc-common | 0:2.34-168.baseos.rpbatz_2.14.x86_64 | 0:2.34-168.el9_6.23 |
|
| glibc-langpack-en | 0:2.34-168.baseos.rpbatz_2.14.x86_64 | 0:2.34-168.el9_6.23 |
|
| gmp | 1:6.2.0-10.el9.x86_64 | 1:6.2.0-13.el9 |
|
| gnutls | 0:3.7.6-21.baseos.rpbatz.2.x86_64 | 0:3.8.3-6.el9_6.2 |
|
| openssl | 1:3.2.2-6.baseos.rpbatz_2.1.x86_64 | 1:3.5.1-4.el9_7 |
|
| openssl-libs | 1:3.2.2-6.baseos.rpbatz_2.1.x86_64 | 1:3.5.1-4.el9_7 |
|
| systemd-libs | 0:252-51.baseos.rpbatz_2.3r.x86_64 | 0:252-55.el9_7.7 |
|
| glib2 | 0:2.68.4-16.baseos.rpbatz_2.x86_64 | 0:2.68.4-16.el9_6.2 |
|
| systemd-pam | 0:252-51.baseos.rpbatz_2.3r.x86_64 | 0:252-55.el9_7.7 |
|
| systemd | 0:252-51.baseos.rpbatz_2.3r.x86_64 | 0:252-55.el9_7.7 |
|
| bluez | 0:5.64-2.apps.rpbatz.x86_64 | 0:5.72-2.el9 |
|
| iputils | 0:20210202-11.apps.rpbatz_2.x86_64 | 0:20210202-11.el9_6.3 |
|
| libssh | 0:0.10.4-13.baseos.rpbatz_1.x86_64 | 0:0.10.4-15.el9_7 |
|
| krb5-libs | 0:1.21.1-6.baseos.rpbatz_2.x86_64 | 0:1.21.1-8.el9_6 |
|
| systemd-udev | 0:252-51.baseos.rpbatz_2.3r.x86_64 | 0:252-55.el9_7.7 |
|
| perl-libs | 4:5.32.1-481.baseos.rpbatz_1.x86_64 | 4:5.32.1-481.1.el9_6 |
|
| perl-interpreter | 4:5.32.1-481.baseos.rpbatz_1.x86_64 | 4:5.32.1-481.1.el9_6 |
|
| jq | 0:1.6-17.apps.rpbatz_2.x86_64 | 0:1.6-17.el9_6.2 |
|
| ncurses-libs | 0:6.2-10.20210508.baseos.rpbatz_1.x86_64 | 0:6.2-10.20210508.el9_6.2 |
|
| shadow-utils | 2:4.9-12.baseos.rpbatz_2.x86_64 | 2:4.9-15.el9 |
|
| ncurses | 0:6.2-10.20210508.baseos.rpbatz_1.x86_64 | 0:6.2-10.20210508.el9_6.2 |
|
| Package ▲ | Version | CVEs (severity) |
|---|---|---|
| qt5-srpm-macros | 0:5.15.3-1.el9.noarch |
|
| linux-firmware-whence | 0:20230310-137.apps.rpbatz.noarch |
|
| linux-firmware | 0:20230310-137.apps.rpbatz.noarch |
|
| libssh-config | 0:0.10.4-13.baseos.rpbatz_1.noarch |
|
| coreutils-common | 0:8.32-39.baseos.rpbatz_2.x86_64 |
|
| sqlite-libs | 0:3.34.1-7.baseos.rpbatz_1.x86_64 |
|
| lz4-libs | 0:1.9.3-5.baseos.rpbatz.x86_64 |
|
| tar | 2:1.34-7.apps.rpbatz_2.x86_64 |
|
| libmicrohttpd | 1:0.9.72-5.apps.rpbatz_1.x86_64 |
|
| cpio | 0:2.13-16.baseos.rpbatz.x86_64 |
|
| coreutils | 0:8.32-39.baseos.rpbatz_2.x86_64 |
|
| glib2 | 0:2.68.4-16.baseos.rpbatz_2.x86_64 |
|
| polkit-libs | 0:0.117-13.apps.rpbatz_2.x86_64 |
|
| polkit | 0:0.117-13.apps.rpbatz_2.x86_64 |
|
| wpa_supplicant | 1:2.11-2.apps.rpbatz_2.x86_64 |
|
| openssh | 0:8.7p1-45.apps.rpbatz_2.x86_64 |
|
| bluez | 0:5.64-2.apps.rpbatz.x86_64 |
|
| python3-pip-wheel | 0:21.3.1-1.baseos.rpbatz_2.noarch |
|
| python3 | 0:3.9.21-2.apps.rpbatz_2.x86_64 |
|
| python3-libs | 0:3.9.21-2.apps.rpbatz_2.x86_64 |
|
| libssh | 0:0.10.4-13.baseos.rpbatz_1.x86_64 |
|
| libcurl | 0:7.76.1-29.baseos.rpbatz_1.1.x86_64 |
|
| curl | 0:7.76.1-29.baseos.rpbatz_1.1.x86_64 |
|
| tpm2-tss | 0:3.2.3-1.baseos.rpbatz_2.x86_64 |
|
| go-srpm-macros | 0:3.6.0-10.apps.rpbatz_2.noarch |
|
| openssh-clients | 0:8.7p1-45.apps.rpbatz_2.x86_64 |
|
| openssh-server | 0:8.7p1-45.apps.rpbatz_2.x86_64 |
|
| wget | 0:1.21.1-8.apps.rpbatz_1.x86_64 |
|
| libgcc | 0:11.3.1-4.3.el9.x86_64 |
|
| pcre2-syntax | 0:10.40-6.baseos.rpbatz_2.noarch |
|
| ncurses-base | 0:6.2-10.20210508.baseos.rpbatz_1.noarch |
|
| ncurses-libs | 0:6.2-10.20210508.baseos.rpbatz_1.x86_64 |
|
| libstdc++ | 0:11.3.1-4.3.el9.x86_64 |
|
| elfutils-libelf | 0:0.190-2.baseos.rpbatz_1.x86_64 |
|
| expat | 0:2.5.0-5.baseos.rpbatz_2.x86_64 |
|
| libxml2 | 0:2.9.13-10.baseos.rpbatz_2.1r.x86_64 |
|
| pcre2 | 0:10.40-6.baseos.rpbatz_2.x86_64 |
|
| gawk | 0:5.1.0-6.baseos.rpbatz.x86_64 |
|
| unzip | 0:6.0-56.apps.rpbatz.x86_64 |
|
| openssl | 1:3.2.2-6.baseos.rpbatz_2.1.x86_64 |
|
| openssl-libs | 1:3.2.2-6.baseos.rpbatz_2.1.x86_64 |
|
| elfutils-default-yama-scope | 0:0.190-2.baseos.rpbatz_1.noarch |
|
| elfutils-libs | 0:0.190-2.baseos.rpbatz_1.x86_64 |
|
| elfutils-debuginfod-client | 0:0.190-2.baseos.rpbatz_1.x86_64 |
|
| ncurses | 0:6.2-10.20210508.baseos.rpbatz_1.x86_64 |
|
| gnupg2 | 0:2.3.3-4.baseos.rpbatz_1.x86_64 |
|
| jq | 0:1.6-17.apps.rpbatz_2.x86_64 |
|
| libgomp | 0:11.3.1-4.3.el9.x86_64 |
|