The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsThere is no fixed version for Centos:10
kernel
.
Note: Versions mentioned in the description apply only to the upstream kernel
package and not the kernel
package as distributed by Centos
.
See How to fix?
for Centos:10
relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
erofs: avoid using multiple devices with different type
For multiple devices, both primary and extra devices should be the
same type. erofs_init_device
has already guaranteed that if the
primary is a file-backed device, extra devices should also be
regular files.
However, if the primary is a block device while the extra device
is a file-backed device, erofs_init_device
will get an ENOTBLK,
which is not treated as an error in erofs_fc_get_tree
, and that
leads to an UAF:
erofs_fc_get_tree get_tree_bdev_flags(erofs_fc_fill_super) erofs_read_superblock erofs_init_device // sbi->dif0 is not inited yet, // return -ENOTBLK deactivate_locked_super free(sbi) if (err is -ENOTBLK) sbi->dif0.file = filp_open() // sbi UAF
So if -ENOTBLK is hitted in erofs_init_device
, it means the
primary device must be a block device, and the extra device
is not a block device. The error can be converted to -EINVAL.